Google Hacking Database (GHDB) Search the Google Hacking Database or browse GHDB categories
Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sesitive to uber-secret!
DATE
Title
Summary
2003private 06-27 2003secret 06-27 2003Look in my backup directories! Please? 06-24
What kinds of things might you find in directories marked "private?" let's find out..... What kinds of goodies lurk in directories marked as "secret?" Find out...... Backup directories are often very interesting places to explore. More than one server has been ...
200412-30 200412-29 200412-19 200412-19 200412-19 200412-05 200411-28 200411-07 200410-31 200410-20 200410-25 200410-19 200409-24
intitle:"index of" inurl:ftp (pub | inco...
Adding "inurl:ftp (pub | incoming)" to the "index.of" searches helps locati...
allinurl:"/*/_vti_pvt/" | allinurl:"...
Frontpage extensions for Unix ? So be it.....
These directories reveal the configuration file of the abyss webserver. These files can contain... With ColdFusion, you can build and deploy powerful intitle:"Index of /CFIDE/" administrator web applications and web services with far l... Invision Power File Manager is a popular file "Powered by Invision Power File Manager"... management script, written in the popular PHP Scr... This search uses desktop.ini to track users with a intitle:"index of" "parent director... webserver running on their desktop computers... TotalIndex v2.0 is an open source script that is designed intext:"Powered By: TotalIndex" intitle:... to replace the simple, and boring def... This search looks for indexes with the following "intitle:Index.Of /" stats merchant cgi-... subdirectories: stats, merchant, online-store ... This dork indicates the "Local settings" dir in most cases, intitle:"index of" intext:"content.... and browseble server dire... Yes! I probably have should have told you guys earlier, intitle:"index of" -inurl:htm -inurl:htm... but this is how ive been getting 100% ... The DCIM directory is the default name for a few brands index.of.dcim of digital camers. This is not a big ne... The Google Hackers Guide explains how to find Apache intitle:"Directory Listing For" intext:T... directory indexes, which are the most comm... Webadmin.php is a free simple Web-based file manager. intitle:"webadmin - /*" filetype:php dir... This search finds sites that use this sof... intitle:index.of abyss.conf
2004- intitle:index.of (inurl:fileadmin | 09-21 intitle:filead... 2004intitle:"Index of *" inurl:"my shar... 09-10 2004intitle:index.of /AlbumArt_ 08-26 2004intext:"d.aspx?id" || inurl:"d.aspx... 08-05 200407-20 200407-16 200410-31 200407-12 200406-14 200406-02
"index of" / picasa.ini
200406-01 200405-13 200405-11 200405-04 200404-28 200404-28
"Index Of /network" "last modified&...
200404-28 200404-23 200404-19 200403-29 200402-10 200308-12 200403-16
inurl:j2ee/examples/jsp
index.of.password inurl:explorer.cfm inurl:(dirpath|This_Directory) Index of phpMyAdmin filetype:cfg ks intext:rootpw -sample -test howto intitle:"album permissions" "Users ...
TYPO3 is a free Open Source content management system for enterprise purposes on the web and in... These are index pages of "My Shared Folder". Sometimes they contain juicy stuff like ... Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MSWindows Med... "The YouSendIt team was formed to tackle a common problem: secure transmission of large do... Picasa is an 'Automated Digital Photo Organizer' recently aquired by Google. This search allows... These directories are named "password." I wonder what you might find in here. Warning... Filemanager without authentication.... phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web... Anaconda is a linux configuration tool like yast on suse linux. The root password is often encr... Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and uplo...
Many of these directories contain information about the network, though an attacker would need ... According to whatis.com: "An intranet is a private intitle:intranet inurl:intranet +intext:"huma... network that is contained within an ent... Many times, this search will reveal temporary files and inurl:/tmp directories on the web server. The info... This is the default name of the Windows recycle bin. The "index of" inurl:recycler files in this directory may contain se... This is the default installation location of Oracle inurl:/pls/sample/admin_/help/ manuals. This helps in footprinting a serve... This directory contains sample Oracle JSP scripts which inurl:ojspdemos are installed on the server. These prog...
"index of cgi-bin" intitle:"Index of" cfide intitle:"index.of.personal" intitle:"Index of c:\Windows" "Welcome to phpMyAdmin" " Create ne... inurl:backup intitle:index.of inurl:admin
This directory contains sample JSP scripts which are installed on the server. These programs ma... CGI directories contain scripts which can often be exploited by attackers. Regardless of the vu... This is the top level directory of ColdFusion, a powerful web development environment. This dir... This directory has various personal documents and pictures.... These pages indicate that they are sharing the C:\WINDOWS directory, which is the system folder... phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The default security me... This query reveals backup directories. These directories can contain various information rangin...
200306-27 200306-27 200306-27 200306-27 201505-27 201505-26 201504-23 201504-03 201504-03 201502-27 201502-19 201502-11 201501-06 201402-05 201311-25 201309-24 201308-08 201308-08 201308-08 201304-09 201304-09 201211-02 201111-19
index.of.password protected secure winnt inurl:wp-admin/ intext:css/
These directories are named "password." I wonder what you might find in here. Warning... What could be in a directory marked as "protected?" Let's find out...... What could be hiding in directories marked as "secure?" let's find out...... The \WINNT directory is the directory that Windows NT is installed into by default. Now just be... The dork finds misconfigured WordPress sites.
intitle:"Index of ftp"
Author:NickiK. ... This dork finds open ftps. This is a base dork, where you can add intext:"ssh/" for ...
intitle:index.of.dropbox
Sensitive Directories Ariel Anonis - @ariel_anonis ...
intitle:index.of.accounts
Dork for directory with accounts. By Rootkit. ...
intitle:index.of +"Indexed by Apache::Gallery...
Google dork for finding Private pics ;) :D #13lacKDemOn ... Relates to https://wordpress.org/plugins/wp-backitup/ Sensitive data/site rips/db rips in pu...
inurl:/wp-content/wpbackitup_backups "Config" intitle:"Index of" in... "jos_users" intitle:"Index of" inurl:/cgi-bin/.cgi allinurl:/hide_my_wp= intitle:"index of" intext:".ds_stor... intitle:"index of" myshare inurl:8080 intitle:"Dashboard [Jenkins]" intitle:index.of intext:.bash_history intext:xampp-davunsecure:$apr1$6O9scpDQ$JGw2Tjz0j... "index of" inurl:sym "index of" inurl:root intitle:symlink inurl:ckfinder intext:"ckfinder.html" in... inurl:/xampp
Directory with keys of vpn servers. By Rootkit. ... "jos_users" intitle:"Index of" Files of configuration of user Joomla serve... Finds open index of /cgi-bin. ... i just found a google dork that is file/path disclosure of Hide My WP plugin Google dork -... Mac OSX directories -- -[Voluntas Vincit Omnia]website http://www.erisresearch.org/ Go... Google search for shared HDD directories or shared directories on servers. Gives access to oft... #Summary: Acces to Jenkins Dashboard #Author: g00gl3 5c0u7 ... the GHDB on subject (intitle:index.of intext:.bash_history) finds all home users directory pat... # Exploit Title: google dork for apache directory listing by url edit # Google Dork: intext:xa... Google Dork: "index of" inurl:sym You can Steal the symlinks of other Servers A... Google Dork: index of" inurl:root intitle:symlink Steal Others Symlink Author: Un0wn... Dork: inurl:ckfinder intext:"ckfinder.html" intitle:"Index of /ckfinder" ... this dork looks for servers with xampp installed...
201011-10 201011-10 201011-10 200607-14 2006-
allintext:"WebServerX Server at"
Quick and dirty WebserverX HTTP server google dork ...
intitle:index.of ios -site:cisco.com
Google search for Cisco IOS images Author: fdisk...
intitle:index.of cisco asa -site:cisco.com
Google search for Pix/Asa images Author: fdisk...
intitle:index.of.config allintitle:"FirstClass Login"
These directories can give information about a web servers configuration. This should never be ... allintitle:"FirstClass Login" this is for firstclass directory
02-28 200601-16 200512-01 200511-28 200511-11 200509-26 2005-
listingsgo to http://[... Excelent information for foot holds. Everything from OS, inurl:install.pl intext:"Reading path paramat... to forum software, etc. Other exploits... "Warning: Installation directory exists by this dork you can find fresh installations of Zenat&qu... Cartsee Full Disclosure forums fore detail...
09-26 200509-13 200507-21 200505-02 200503-26 200502-17 200501-16 200501-09 200501-07 200501-05 200501-01 201611-29 201611-29
intitle:"Folder Listing" "Folder Li... directory listing for Fastream NETFile Web Server... intitle:"Backup-Management (phpMyBackup phpMyBackup is an mySQL backup tool, with features v.0.4... like copying backups to a different server u... This search reveals the photo albums taken by Sprint intitle:"pictures thumbnails" site:pictu... PCS customers. Pictures taken with Sprint'... Finds java powered web servers which have indexing intitle:index.of WEB-INF enabled on their config directory...
"Welcome to the directory listing of" &q...
this is for NetworkActiv-Web-Server directory listing...
log inurl:linklint filetype:txt -"checking&qu...
Linklint is an Open Source Perl program that checks links on web sites. This search finds the L...
"Directory Listing for" "Hosted by ...
directory listing for Xerver web server...
intitle:index.of /maildir/new/
search gives you a mailbox dir. Contains a lot of mails....
filetype:torrent torrent
This dork finds any webshared windows folder inside my docs. You can change the end bit "i... Torrent files .. don't expect to find spectacular stuff with this kind of string, this just to ...
"Index of" rar r01 nfo Modified 2004
New Warez Directory Lists...
filetype:ini Desktop.ini intext:mydocs.dll
"Web File Browser" "Use regular exp... intitle:"HFS /" +"HttpFileServer&qu... intitle:upload inurl:upload intext:upload forum -... Hostinger © 2016. All rights reserved inurl:defaul... inurl:".esy.es/default.php"
This will ask google to search for a php script used to manage files on a server. The script &q... "The HttpFileServer is a Java based mechanism for providing web access to a set of files o... The search reveals server upload portals.An attacker can use server space for his own benefit.... Google Dork: Hostinger © 2016. All rights reserved inurl:default.php Hostinger web hosting c... Dork: inurl:".esy.es/default.php" You can add “Here is a list of files in your pub...
201610-04 201608-08 201607-27 201606-06 201606-06 201605-10 201604-21 201603-22 201603-07 201601-06
name =find liferay file page Google dork Description: index:"html/js/editor/fckeditor/ed... inurl:/FCKeditor/editor/filemanager/upload/ Let's you go inurl:/FCKeditor/editor/filemanager/upload/ through unprotected files in the FC... inurl:pictures intitle:index.of Loads of personal pictures inurl:pictures intitle:index.of and what not Sent from trump t... One man's trash is another man's treasure. inurl:trash inurl:trash intitle:index.of intitle:index.of Decoy ... SSH Keys inurl:.ssh intitle:index.of authorized_keys inurl:.ssh intitle:index.of authorized_keys Decoy ... Description: Drupal default web-forms' storage path, inurl:/sites/default/files/webform/ usually a lot of files there contains juic... MAC OS X. Parent Directory Wordpress information. intitle:Index of /__MACOSX ... Xploit ... This dork will find git repository's which may have (intext:"index of /.git") ("parent ... sensitive information. (intext:"ind... inurl:safm.asp ext:asp inurl:safm.asp ext:asp http://atawho.blogspot.com.tr/2016/03/simple-aspfilemanager.html ... Awstats Log file's directory can reveal file/directory intitle: Index of /awstats/data location These logs file may also revea... index:"html/js/editor/fckeditor/editor/filema...
201512-21 201511-13 201511-11 201511-11 201511-02 201510-30
inurl:/server/webapps
201510-22 201510-22 201510-20 201510-19 201510-19 201510-19 201510-16
"Desktop" parent intitle:index.of
intitle:index.of.mail
Google Search: inurl:/server/webapps Submission Date: 12/19/2015 Description: Apache Tomcat... Dork with juicy info. Enjoy xD. Dork by Rootkit Pentester. ...
inurl:pipermail intitle:index.of parent
Pipermail Archives Decoy ...
inurl:"wp-content/uploads/private"
Directories with juicy data. Dork by Rootkit Pentester. ...
intitle:index.of inurl:grades site:edu
Directories containing grades. Decoy ...
intitle:index.of parent inurl:repos
http://www.google.com/search?q=intitle:index.of parent inurl:repos Shared repositories. Very...
"My Documents" "parent" intitl... "sql" "parent" intitle:index.o... inurl:/aspnet_client/system_web/
http://www.google.com/search?q="Desktop" parent intitle:index.of Desktops shared o... http://www.google.com/search?q="My Documents" "parent" intitle:index.of ... Directories containing SQL Installs and/or SQL databases... Decoy ... Google dork Description: Juice Directory "ASP" Google search: inurl:/aspnet_client/s...
inurl:.DS_Store intitle:index.of
Directories with DS_Store files. By Rootkit Pentester. ...
inurl:.listing intitle:index.of
Directories with .listing files. By Rootkit Pentester. ...
inurl:users intitle:index.of
http://www.google.com/search?q=inurl:users intitle:index.of User folders containing interest...
201510-16 201510-16 201509-17 201509-10 201509-07 201509-01 201508-24 201508-19 201508-10 201507-09 201506-30 201506-17 201506-17 201506-10 201506-04
private parent intitle:index.of
http://www.google.com/search?q=private parent intitle:index.of Dork for all sorts of juicy s...
mail spool intitle:index.of
Dork for mail spools. Decoy ...
inurl:"default.php" intext:"website... intitle:"Index.of" "attachments&quo... intitle:"Index of" "WhatsApp Databa... inurl:"/cms/app/webroot" intitle:"Index of" "WhatsApp Images... intitle:"Index of" "DCIM" intext:index of sym intitle:index.of.pubs intitle:"Index of" "wwwroot" intitle:"index of" inurl:"no-ip.com...
Dork= inurl:"default.php" intext:"website" "has been successfully inst... Directories with interesting info. Have Fun Responsible. Dork by Rootkit Pentester. ... this dork find db.crypt/.db files of whatsapp conversations you can open them with https://co... inurl:"/cms/app/webroot" Author:ShockvaWe (mrnoone) özüm ... WhatsApp Images folder, usually from backups. -pmbento ... A lot of Camera Photos Dump. Have Fun!. Rootkit. ... Dork: intext:index of sym Most of hacker use auto server symlink script and grab all the con... Exploit title: intitle:index.of.pubs Description: intitle:index.of.pubs Sensitive Directories... Directory of wwwroot Dork. Enjoy xD. By Rootkit. ... # Exploit Title: intitle:"index of" inurl:"no-ip.com" # Google Dork: intit...
intitle:"Index Of" intext:"iCloud P...
From: Creep Mode Baby ...
inurl:private_files
Directory private files xD. By Rootkit. ...
intitle:"index of" "onetoc2" &...
# Exploit Title: intitle:"index of" "onetoc2" "one" # Google Dor...
https://www.exploit-db.com/google-hacking-database/3/?pg=1
Table of Contents: Footholds Files containing usernames Sensitive Directories Web Server Detection Vulnerable Files Vulnerable Servers Error Messages Files containing juicy info Files containing passwords Sensitive Online Shopping Info Network or vulnerability data Pages containing login portals Various Online Devices credit http://www.exploit-db.com/google-dorks/ 2014-04intitle:”Zimbra Web Client Sign In” 21
Pages containing login portals
2014-04intitle:”Zimbra Web Client Log In” 21
Pages containing login portals
2014-04inurl:typo3/install/index.php?mode= 07
Pages containing login portals
2014-04inurl:typo3conf/localconf.php 07
Files containing passwords
2014-03inurl:/backup intitle:index of backup intext:*sql 31
Files containing passwords
2014-03-
inurl:”Citrix/XenApp/auth/login.aspx”
Pages containing login portals
31 2014-03filetype:pdf “acunetix website audit” &q… 31
Files containing juicy info
2014-03access… Files containing juicy info inurl:crossdomain filetype:xml intext:allow27 2014-03inurl:clientaccesspolicy filetype:xml intext:allow… 27
Files containing juicy info
2014-02intitle:Admin inurl:login.php site:.co.in 28
Pages containing login portals
2014intitle:”WSO 2.4″ [ Sec. Info ], [ Files… 01-03
dork to find uploaded WSO 2.4 shell by hackers. found by
2014intitle:”=[ 1n73ct10n privat shell ]=” 01-03
the dork is used to find uploaded 1n73ct10n Shell on website.
2013- filetype:php intext:”!C99Shell v. 1.0 11-25 beta&qu…
php backdoor: c99 shell — -[Voluntas Vincit Omnia]- website
2013-
intitle:”uploader by ghost-dz” ext:php
Anon?M ID …
found by Anon?M ID …
http://www.erisresearch.org/… intitle:”uploader by ghost-dz” ext:php…
11-25 2013inurl:1337w0rm.php intitle:1337w0rm 08-08
Finds websites that have 1337w0rm’s CPanel cracker uploaded.
2012inurl:”r00t.php” 11-02
This dork finds websites that were hacked, backdoored and contains their system information e…
2012intitle:C0ded By web.sniper 11-02
User & Domain || Symlink Using this dork you can find the User
2012intitle:Priv8 SCR 11-02
Since the Cracker is relatively n…
and the Domains of the Serv… I am Un0wn_X Symlink User configs intitle:Priv8 SCR …
2011- inurl:”amfphp/browser/servicebrowser.swf”… AMFPHP service browser, debug interface. Author: syddd … 09-26 2011allintext:”fs-admin.php” 01-09
A foothold using allintext:”fs-admin.php” shows the world readable directories of a…
2006(intitle:”SHOUTcast Administrator”)|(int… 05-03
sHOUTcast is a free-of-charge audio homesteading solution. It
2006(intitle:”WordPress â€Å 03-15 2006“index of /” ( upload.cfm | upload.asp |… 03-06
permits anyone on the internet to… Alter setup configuration files.add ?step=1… searches for scripts that let you upload files which you can then
execute on the server….
2006- “Please re-enter your password It must match Invision Powerboard registration pages. Plain and simple…. 02-08 … 2006inurl:”tmtrack.dll?” 01-04
This query shows installations of Serena Teamtrack.
(www.serena.com).You may be able to adjust …
2005inurl:polly/CP 10-06
You can get into admin panel without logging….
2005intitle:”net2ftp” “powered by net2f… 09-25
net2ftp is a web-based FTP client written in PHP. Lets explain this in detail. Web-based means …
2005intitle:MyShell 1.1.0 build 20010923 08-15
Basicly MyShell is a php program that allows you to execute
2005- intitle:”YALA: Yet Another LDAP 05-02 Administrator…
YALA is a web-based LDAP administration GUI. The idea is to
commands remotely on whichever serv…
simplify the directory administrati…
2005- intitle:”ERROR: The requested URL could not 04-27 b…
squid error messages, most likely from reverse proxy server s….
2004- inurl:”phpOracleAdmin/php” -
phpOracleAdmin is intended to be a webbased Oracle Object Manager.In
12-19 download -cv…
many points alike phpMyAdm…
2004- PHPKonsole PHPShell filetype:php 11-28 echo
PHPKonsole is just a little telnet like shell wich allows you to run
commands on the webserver….
2004- filetype:php HAXPLORER “Server Files Haxplorer is a webbased filemanager which enables the user to browse 11-28 Browser&… files on the webserver. Yo… 2004- inurl:ConnectComputer/precheck.htm Windows Small Business Server 2003: The network configuration page is called “ConnectCompu… 11-06 | inurl:Remote/… 2004- (inurl:81/cgi-bin/.cobalt/) | 10-22 (intext:”Welco…
The famous Sun linux appliance. The default page displays this
2004- intitle:”Web Data Administrator – 10-09 Login”
The Web Data Administrator is a utility program implemented in ASP.NET
text:”Congratulations on Ch…
that enables you to easi…
2004- “adding new user” inurl:addnewuser- Allows an attacker to create an account on a server running Argosoft 07-20 &quo… mail server pro for window… 2004PHP Shell (unprotected) 07-12
PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to execute arbiritary she…
2004Public PHP FileManagers 07-12
PHPFM is an open source file manager written in PHP. It is easy to set up
2004-
WS_FTP.LOG can be used in many ways to find more information about a
+htpasswd +WS_FTP.LOG filetype:log
for a beginner, but s…
05-20
server. This query is very…
2003intitle:admin intitle:login 09-09
Admin Login pages. Now, the existance of this page does not necessarily
mean a server is vulner…
2013intext:”root:x:0:0:root:/root:/bin/bash”… Author: ./tic0 | Izzudin al-Qassam Cyber Fighter … 04-22 2013inurl:”/root/etc/passwd” intext:”ho… 04-22 2006site:extremetracking.com inurl:”login=” 07-31
inurl:”/root/etc/passwd” intext:”home/*:” … The search reveals usernames (right in the URL in green) and links to
the sites that are signed…
2005- intext:”SteamUserPassphrase=” 06-05 intext:&qu…
This will search for usernames and passwords for steam
2004OWA Public folders & Address book 06-19
This search jumps right to the main page of Outlook Web Access
2004filetype:conf inurl:proftpd.conf -sample 05-20
A standard FTP configuration file that provides far too many details
2004-
These log files record info about the SSH client PUTTY. These files
filetype:log username putty
05-13
(www.steampowered.com) taken from the St…
Public Folders and the Exchange …
about how the server is se…
contain usernames, site nam…
2004- filetype:reg reg +intext:”internet account This google search reveals users names, pop3 passwords, email 05-12 ma… addresses, servers connected to a… 2004- filetype:reg reg HKEY_CURRENT_USER 05-11 username
This search finds registry files from the Windows Operating system.
2004+intext:”webalizer” +intext:”Total … 05-03
The webalizer program displays various information but this query
2004- inurl:php inurl:hlstats intext:”Server 04-28 Userna…
This page shows the halflife stat script and reveals the username to
2004- index.of perform.ini 04-13
This file contains information about the mIRC client and may include
2004“index of” / lck 04-13
These lock files often contain usernames of the user that has locked
2004inurl:admin filetype:asp inurl:userlist 03-16
This search reveals userlists of administrative importance. Userlists
2004inurl:admin inurl:userlist 03-16
This search reveals userlists of administrative importance. Userlists
2003sh_history files 06-24
Ok, this file contains what a user typed at a shell command prompt. You shouldn’t advertise thi…
2003bash_history files 06-24
Ok, this file contains what a user typed at a shell command prompt.
Considered the “soul&q…
displays usernames that have …
the system. Table structur…
channel and user names….
the file. Username harvest…
found using this method c…
found using this method c…
You shouldn’t advertise thi…
2014allinurl:/hide_my_wp= 02-05
i just found a google dork that is file/path disclosure of Hide My WP plugin Google dork -…
2013intitle:”index of” intext:”.ds_stor… 11-25
Mac OSX directories— -[Voluntas Vincit Omnia]- website
2013intitle:”index of” myshare 09-24
Google search for shared HDD directories or shared directories on
http://www.erisresearch.org/ Go…
servers. Gives access to oft…
2013inurl:8080 intitle:”Dashboard [Jenkins]” #Summary: Acces to Jenkins Dashboard#Author: g00gl3 5c0u7 … 08-08 2013intitle:index.of intext:.bash_history 08-08
the GHDB on subject (intitle:index.of intext:.bash_history) finds all
home users directory pat…
2013- intext:xampp-dav# Exploit Title: google dork for apache directory listing by url edit # 08-08 unsecure:$apr1$6O9scpDQ$JGw2Tjz0j… Google Dork: intext:xa… 2013-
“index of” inurl:sym
04-09 2013“index of” inurl:root intitle:symlink 04-09
Google Dork: “index of” inurl:sym You can Steal the symlinks of other Servers A… Google Dork: index of” inurl:root intitle:symlink Steal Others Symlink Author: Un0wn…
2012inurl:ckfinder intext:”ckfinder.html” in… Dork: inurl:ckfinder intext:”ckfinder.html” intitle:”Index of /ckfinder” … 11-02 2011inurl:/xampp 11-19
this dork looks for servers with xampp installed…
2010allintext:”WebServerX Server at” 11-10
Quick and dirty WebserverX HTTP server google dork …
2010- intitle:index.of ios -site:cisco.com 11-10
Google search for Cisco IOS images Author: fdisk…
2010intitle:index.of cisco asa -site:cisco.com Google search for Pix/Asa images Author: fdisk… 11-10 2006intitle:index.of.config 07-14
These directories can give information about a web servers
2006allintitle:”FirstClass Login” 02-28
allintitle:”FirstClass Login” this is for firstclass directory listingsgo to http://[…
2006- inurl:install.pl intext:”Reading path 01-16 paramat…
Excelent information for foot holds. Everything from OS, to forum
2005- “Warning: Installation directory exists 12-01 at&qu…
by this dork you can find fresh installations of Zen-Cartsee Full
2005- “Welcome to the directory listing of” 11-28 &q… 2005- log inurl:linklint filetype:txt 11-11 “checking&qu… 2005“Directory Listing for” “Hosted by … 09-26
configuration. This should never be …
software, etc. Other exploits…
Disclosure forums fore detail… this is for NetworkActiv-Web-Server directory listing… Linklint is an Open Source Perl program that checks links on web sites.
This search finds the L… directory listing for Xerver web server…
2005- intitle:”Folder Listing” 09-26 “Folder Li…
intitle:”Backup-
directory listing for Fastream NETFile Web Server…
2005Management 09-13
phpMyBackup is an mySQL backup tool, with features like copying backups to a
2005- intitle:”pictures 07-21 thumbnails” site:pictu…
This search reveals the photo albums taken by Sprint PCS customers. Pictures taken
2005- intitle:index.of WEB-INF 05-02
Finds java powered web servers which have indexing enabled on their config
2005- intitle:index.of 03-26 /maildir/new/
search gives you a mailbox dir. Contains a lot of mails….
(phpMyBackup v.0.4…
different server u…
with Sprint’…
directory…
2005- filetype:ini Desktop.ini 02-17 intext:mydocs.dll
This dork finds any webshared windows folder inside my docs. You can change the
2005filetype:torrent torrent 01-16
Torrent files .. don’t expect to find spectacular stuff with this kind of string, this just to …
2005- “Index of” rar r01 nfo 01-09 Modified 2004
New Warez Directory Lists…
end bit “i…
2005- “Web File Browser” “Use This will ask google to search for a php script used to manage files on a server. The 01-07 regular exp… script &q… 2005- intitle:”HFS /” 01-05 +”HttpFileServer&qu…
“The HttpFileServer is a Java based mechanism for providing web access to a set of files o…
2005- intitle:upload inurl:upload The search reveals server upload portals.An attacker can use server space for his 01-01 intext:upload -forum -… own benefit…. 2004- intitle:”index of” inurl:ftp 12-30 (pub | inco…
Adding “inurl:ftp (pub | incoming)” to the “index.of” searches helps locati…
2004- allinurl:”/*/_vti_pvt/” | 12-29 allinurl:”…
Frontpage extensions for Unix ? So be it…..
2004These directories reveal the configuration file of the abyss webserver. These files intitle:index.of abyss.conf can contain… 12-19 2004- intitle:”Index of /CFIDE/” 12-19 administrator
With ColdFusion, you can build and deploy powerful web applications and web
2004- “Powered by Invision 12-19 Power File Manager”…
Invision Power File Manager is a popular file management script, written in the
2004- intitle:”index of” “parent 12-05 director…
This search uses desktop.ini to track users with a webserver running on their desktop computers…
services with far l…
popular PHP Scr…
2004- intext:”Powered By: 11-28 TotalIndex” intitle:…
TotalIndex v2.0 is an open source script that is designed to replace the simple, and
2004- “intitle:Index.Of /” stats 11-07 merchant cgi-…
This search looks for indexes with the following subdirectories: stats, merchant, online-store …
2004- intitle:”index of” 10-31 intext:”content….
This dork indicates the “Local settings” dir in most cases, and browseble server dire…
boring def…
2004- intitle:”index of” -inurl:htm -
Yes! I probably have should have told you guys earlier, but this is how ive been
10-20 inurl:htm…
getting 100% …
2004index.of.dcim 10-25
The DCIM directory is the default name for a few brands of digital camers. This is not a big ne…
2004- intitle:”Directory Listing For” 10-19 intext:T…
The Google Hackers Guide explains how to find Apache directory indexes,
2004- intitle:”webadmin – /*” 09-24 filetype:php dir…
Webadmin.php is a free simple Web-based file manager. This search finds sites
which are the most comm…
that use this sof…
2004- intitle:index.of (inurl:fileadmin TYPO3 is a free Open Source content management system for enterprise 09-21 | intitle:filead… purposes on the web and in… 2004- intitle:”Index of *” inurl:”my 09-10 shar…
These are index pages of “My Shared Folder”. Sometimes they contain juicy stuff like …
2004intitle:index.of /AlbumArt_ 08-26
Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MS-Windows Med…
2004- intext:”d.aspx?id” || 08-05 inurl:”d.aspx…
“The YouSendIt team was formed to tackle a common problem: secure transmission of large do…
2004“index of” / picasa.ini 07-20
Picasa is an ‘Automated Digital Photo Organizer’ recently aquired by Google. This search allows…
2004-
These directories are named “password.” I wonder what you might find in here.
index.of.password
07-16
Warning…
2004- inurl:explorer.cfm 10-31 inurl:(dirpath|This_Directory)
Filemanager without authentication….
2004Index of phpMyAdmin 07-12
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web…
2004- filetype:cfg ks intext:rootpw - Anaconda is a linux configuration tool like yast on suse linux. The root password 06-14 sample -test -howto is often encr… 2004- intitle:”album permissions” 06-02 “Users …
Gallery (http://gallery.menalto.com) is software that allows users to create
webalbums and uplo…
2004- “Index Of /network” “last 06-01 modified&…
Many of these directories contain information about the network, though an attacker would need …
2004- intitle:intranet inurl:intranet 05-13 +intext:”huma…
According to whatis.com: “An intranet is a private network that is contained within an ent…
2004inurl:/tmp 05-11
Many times, this search will reveal temporary files and directories on the web
2004-
This is the default name of the Windows recycle bin. The files in this directory
“index of” inurl:recycler
server. The info…
may contain se…
05-04
2004This is the default installation location of Oracle manuals. This helps in inurl:/pls/sample/admin_/help/ 04-28 footprinting a serve… 2004inurl:ojspdemos 04-28
This directory contains sample Oracle JSP scripts which are installed on the
server. These prog…
2004inurl:j2ee/examples/jsp 04-28
This directory contains sample JSP scripts which are installed on the server. These
2004“index of cgi-bin” 04-23
CGI directories contain scripts which can often be exploited by attackers.
2004- intitle:”Index of” cfide 04-19
This is the top level directory of ColdFusion, a powerful web development
programs ma…
Regardless of the vu…
environment. This dir…
2004intitle:”index.of.personal” This directory has various personal documents and pictures…. 03-29 2004- intitle:”Index of 02-10 c:\Windows”
“Welcome to
2003phpMyAdmin” ” Create 08-12
ne…
These pages indicate that they are sharing the C:\WINDOWS directory, which is the
system folder… phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The
default security me…
2004query reveals backup directories. These directories can contain various 03-16 inurl:backup inurl:admin intitle:index.of This information rangin… 2003index.of.password 06-27
These directories are named “password.” I wonder what you might find in here. Warning…
2003protected 06-27
What could be in a directory marked as “protected?” Let’s find out……
2003secure 06-27
What could be hiding in directories marked as “secure?” let’s find out……
2003winnt 06-27
The \WINNT directory is the directory that Windows NT is installed into by default.
Now just be…
2003private 06-27
What kinds of things might you find in directories marked “private?” let’s find out…..
2003secret 06-27
What kinds of goodies lurk in directories marked as “secret?” Find out……
2003- Look in my backup 06-24 directories! Please? 2006- intitle:”BadBlue: the file-
Backup directories are often very interesting places to explore. More than one
server has been … Badblue file sharing web server detection…
05-23 sharing web server… 2006- intext:”Target Multicast 05-03 Group” “be…
“… Multicast Beacon is a multicast diagnostic tool written in Perl which uses the RTP pr…
2006- intitle:”Apache Status” 05-03 “Apache Ser…
New Apache Server Status Dork…
2006- inurl:wl.exe inurl:?SS1= 02-08 intext:”Operating sy…
List server apparently keeps track of many clients, not just Domains and hardware,
2005- inurl:nnls_brand.html OR 11-16 inurl:nnls_nav.html
Novell Nterprise Linux Services detection dork. Some of the features are:* iFolder*
2005- (intitle:”502 Proxy 05-30 Error”)|(intitle:&qu…
A reverse proxy is a gateway for servers, and enables one web server to provide
2005- intitle:”Welcome to 05-20 602LAN SUITE *”
The 602LAN SUITE runs on a webserver called WEB602/1.04 and includes
2005- intitle:”Document title 05-02 goes here” intit…
intitle:”Welcome To Your
but Operatin…
Samba* NetS…
content from an…
webmail…. IBM Http Server (AS/400)…
2005WebSTAR Home 05-02
This is the default page for the WebSTAR (Macintosh) web server (Headers say –>
2005the 04-27 intitle:”Welcome Advanced ExtranettoSer…
Webserver detection: extensible open sou… The Advanced Extranet Server project aims to create an
Page&qu…
intitle:”Welcome to
Server: Web…
2005Windows Small Business 04-16
Another way to find Small Business Server 2003, for more results check the dork by
2005thttpd webserver 03-29
thttpd is is a webserver written in C and should compile and run on most unix-like
2005- intitle:”IPC@CHIP 03-29 Infopage”
web server detection for IPC@chip embedded webserverThe dork uses the
2005-
YAWS (http://yaws.hyber.org), Yet Another Web Server, is a HTTP high perfomance
03-31 yaws.*.server.at
1.1 webserver. …
Se…
JimmyNeutron…
systems. As …
webserver’s infopage whic…
2005- intitle:”Test Page for the 03-20 Apache HTTP Server…
Apache 2.0 on Fedore Core Test page…
2005- Powered.by.RaidenHTTPD RaidenHTTPD ( http://www.raidenhttpd.com/en ) is a full featured web server software for Window… 03-18 intitle:index.of 2005- (inurl:81-cobalt | inurl:cgiCobal RaQ internal pages… 03-05 bin/.cobalt) 2005- intitle:”welcome to mono
XSD is the demo webserver for the Mono project and allows the execution of
02-15 xsp”
ASP.NET on Unix…
2005- inurl:oraweb 01-27 site:oraweb.org
Oracle administrators tend to naming their servers ora*– maybe because they
2005- “Netware * Home” 01-26 inurl:nav.html
Rather than submitting various searches for all kinds of NetWare related pages,
forget the name of…
Novell NetWare’…
2005- XAMPP 01-21 “inurl:xampp/index”
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl.
2004inurl:2506/jana-admin 12-13
The JanaServer 2 is amongst other things a proxy server, that makes it possible for
2004- allintext:”Powered by 12-13 LionMax Software” …
WWW File Share Pro is a small HTTP server that can help you share files with your
2004- intitle:”Resin Default 11-30 Home Page”
Resin provides a fast standalone web server. This search locates those servers based
2004- intitle:”Welcome To 11-28 Xitami” -site:xitami…
Default Xitami installationAdditionally every default installation of Xitami webserver
XAMPP is really…
LAN members…
friends. They…
on the tit…
has a te…
2004- intitle:”Welcome to Your 11-13 New Home Page!”…
This finds the default Apache page on Debian installs….
2004- “About Mac OS Personal
Mac OS Personal Web Sharing allows Mac OS users to share Folders over the Web.If
11-07 Web Sharing” 2004- “Switch to table format” 11-07 inurl:table|pla…
you open this … This is an index page of OReilly WebSite Professional.WebsitePro was developed by
O’reily and d…
2004- intitle:”Object not found!” This one detects apache werbservers (2.0.X/SuSE) with its error page…. 10-12 intext:”… 2004- intitle:”Open WebMail” 10-12 “Open WebMai…
“Open WebMail is a webmail system based on the Neomail version 1.14 from Ernie Miller. Ope…
2004- intitle:”error 404″ “From 10-12 RFC 2068 …
WebLogic Server Process Edition extends the functionality of the Application Server by convergi…
2004- intitle:”Directory Listing, 10-12 Index of /*/”…
Vendor page:”Einfache HTTP-Server-Software für privates HomepageHosting …
2004- intitle:”Lotus Domino Go 10-12 Webserver:” &qu…
Domino Go Webserver is a scalable high-performance Web server that runs on a
broad range of pla…
2004- intitle:”Object not found” This search will show netware apache webservers as the result…. 10-09 netware “… intitle:AnswerBook2 200409-26 inurl:ab2/ (inurl:8888 |
First of all this search indicates solaris machines and second the webservice is vulnerable to …
2004- intext:”404 Object Not 08-16 Found” Microsoft-…
This search finds IIS 5.0 error pages = IIS 5.0 Server…
inurl…
2004- intitle:”Shoutcast 07-29 Administrator”
shoutcast is software for streaming mp3 and such. This search finds the
2004- “powered by” 07-29 “shoutstats” hour…
shoutstats is a fast, free Shoutcast server statistic analysis program. It produces
administrator page. It …
instant and…
2004- “Novell, Inc” WEBACCESS This may be used to find Novell Grouwise Webaccess servers…. 07-26 Username Passwor… 2004- “httpd+ssl/kttd” * server 07-19 at intitle:ind…
The version of a particular web server can be detected with a simple query like this
one. Altho…
2004- fitweb-wwws * server at The version of a particular web server can be detected with a simple query like this 07-19 intitle:index.of one. Altho… 2004- sEDWebserver * server 07-19 +at intitle:index.of
The version of a particular web server can be detected with a simple query like this
2004- “Red Hat Secure/3.0 07-19 server at”
The version of a particular web server can be detected with a simple query like this
200407-19 “Red Hat Secure/2.0”
The one.version Altho… of a particular web server can be detected with a simple query like this
2004- “OpenSA/1.0.4” 07-19 intitle:index.of
The version of a particular web server can be detected with a simple query like this
2004- “OmniHTTPd/2.10” 07-19 intitle:index.of
The version of a particular web server can be detected with a simple query like this
2004- “Microsoft-IIS/6.0” 07-19 intitle:index.of
The version of a particular web server can be detected with a simple query like this
one. Altho…
one. Altho…
one. Altho…
one. Altho…
one. Altho…
2004- “Microsoft-IIS/5.0 server The version of a particular web server can be detected with a simple query like this one. Altho… 07-19 at”
2004- “Microsoft-IIS/4.0” 07-19 intitle:index.of
The version of a particular web server can be detected with a simple query like this
one. Altho…
2004- “Microsoft-IIS/* server at” The version of a particular web server can be detected with a simple query like this one. Altho… 07-19 intitle:inde… 2004- “MaXX/3.1” 07-19 intitle:index.of
The version of a particular web server can be detected with a simple query like this
2004- “JRun Web Server”
The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of
one. Altho…
2004- “CERN httpd 3.0B (VAX 07-19 VMS)”
The version of a particular web server can be detected with a simple query like this
2004- “AnWeb/1.42h” 07-19 intitle:index.of
The version of a particular web server can be detected with a simple query like this
2004- Red Hat Unix 07-12 Administration
Red Hat UNIX Administration Pages. This search detects the fixed title for the admin
2004Environment vars 07-02
This is a generic way of grabbing those CGI-spewed environmental var lists. To
2004- allinurl:”.nsconfig” 06-18 sample -howto -tut…
Access to a Web server’s content, CGI scripts, and configuration files is controlled by entries…
2004inurl:domcfg.nsf 05-17
This will return a listing of servers running Lotus Domino. These servers by default
2004- intitle:”300 multiple 05-13 choices”
This search shows sites that have the 300 error code, but also reveal a server tag at
2004- intitle:Snap.Server 04-23 inurl:Func=
This page reveals the existance of a SNAP server (Netowrk attached server or NAS
2004- intitle:”Test Page for
This is the default web page for Apache 1.2.6– 1.3.9. Hackers can use this
04-20 Apache” allintitle:Netscape 2004FastTrack Server Home 03-18 Page
information to dete…
2004- intitle:”Test Page for 03-04 Apache” “It …
This is the default web page for Apache 1.2.6– 1.3.9. Hackers can use this
2004- intitle:”Test Page for 03-04 Apache” “It …
This is the default web page for Apache 1.2.6– 1.3.9. Hackers can use this
2004- “seeing this instead” 03-04 intitle:”test…
This is the default web page for Apache 1.3.11– 1.3.26. Hackers can use this
one. Altho…
one. Altho…
one. Altho…
pages on c…
narrow to things…
have very…
the botto…
devices) Depen…
This finds default installations of Netscape Fasttrack Server. In many cases, default
installat…
information to dete…
information to dete…
information to de…
aboutprinter.shtml (More 2003More Xerox printers on the web! Google found these printers. Should their Xerox printers on the 08-11 management interface …
web…
index_i.shtml Ready 2003(Xerox printers on the 08-11 web!) 2003- inurl:tech-support 08-07 inurl:show Cisco
These printers are not-only web-enabled, but their management interface somehow
got crawled by … This is a way to find Cisco products with an open web interface. These are generally
supposed t…
2003I like the OpenBSD operating system. I really do. And I like the Apache web server OpenBSD running Apache software. Ho… 06-24 2003IIS 4.0 06-24
Moving from personal, lightweight web servers into more production-ready
2003- Windows 2000 Internet 06-24 Services
At first glance, this search reveals even more examples of operating system users
2003- Apache online 06-24 documentation
When you install the Apache web server, you get a nice set of online documentation. When you le…
software, we find that…
enabling the …
2013- -site:simplemachines.org “These Dork: -site:simplemachines.org “These are the paths and URLs to your SMF 09-24 are the paths… installation&qu…
Didn’t see this anywhere in the GHDB, but its been known for a while and 2011allinurl:forcedownload.php?file= widely abused by oth… 08-25 2011- ionCube Loader Wizard 05-28 information disclosure
inurl:loader-wizard ext:php This dork displays sensitive information Auth0r:
2011vBulletin Install Page Detection 05-27
inurl:/install/install.php intitle:vBulletin * Install System This dork displays the
2006inurl:”simplenews/admin” 09-13 2006- inurl:updown.php | 02-28 intext:”Powered by PHP Upl…
MaXe…
untreat… hxxp://evuln.com/vulns/94/summary.html… this (evil ) script lets you to upload a php shell on target server, in most cases
not password…
2005- inurl:guestbook/guestbooklist.asp A sql vulnerability has been reported in a Techno Dreams asp script, 12-19 “Post Date&… login.asp. http://search.s… 2005intitle:”CJ Link Out V1″ 10-26
A cross site scripting vunerability has been discovered in CJ linkout version
2005“powered by mailgust” 09-26
MailGust 1.9/2.0 (possibly prior versions) SQL injection / board
2005-
My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site:
09-26 “powered by my little forum”
http://www.mylittlehomepage.net/my_li…
1.x. CJ linkout i…
takevorsoftware:site: http://w…
2005- intitle:”Control panel” “Control 09-25 Pa…
Build, manage and customize your own search engine friendly news / article site from scratch –…
2005inurl:cartwiz/store/index.asp 09-25
The CartWIZ eCommerce Shopping Cart System will help you build your
2005- “e107.org 2002/2003” 09-13 inurl:forum_post.ph…
e107 is prone to an input validation vulnerability. This issue is due to a failure
2005-
several vulnerabilities relating to this.MaxWebPortal is a web portal and
online store through an int…
in the appli…
“maxwebportal” inurl:”default”…
09-13
online community syst…
2005- “Mail-it Now!” intitle:”Contact 09-11 for…
Mail-it Now! 1.5 (possibly prior versions) contact.php remote code
2005- “Warning:” “Cannot execute a 09-11 blank …
“Warning: passthru(): Cannot execute a blank command in” “Warning: system(): Can…
2005“Powered by Xcomic” 09-08
“Powered by xcomic”this is a recent exploit, you can retrieve any file on target syst…
2005“Powered by FunkBoard” 08-08
FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible
2005- “Powered by FlexPHPNews” 08-07 inurl:news | in…
24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site
2005- “Powered By: Simplicity oF 08-07 Upload” inurl…
26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior versons) remote
executionsite: http://www.sk…
database username/pa…
scripting & re…
code execution &…
2005- inurl:nquser.php 08-07 filetype:php
Netquery 3.1 remote commands execution, cross site scripting, information
2005- PHPFreeNews 08-07 inurl:Admin.php
29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login
2005-
silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote
“Powered by SilverNews”
disclosure poc exploi…
bypass, cross s…
08-07
commands e…
2005- “Powered by Gravity 08-07 Board”
4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code
2005- filetype:mdb “standard 07-26 jet”
These Microsoft Access Database files may contain usernames, passwords or simply
2005- intitle:”PHPstat” 06-03 intext:”Browser&q…
Phpstat shows nice statistical informatino about a website’s visitors. Certain versions are als…
execution, SQL Injec…
prompts for su…
2005- intitle:”SSHVnc Applet”OR sSHTerm Applet en SSHVnc Applet pages…. 05-20 intitle:”…
Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won’t 2005inurl:cgi-bin inurl:bigate.cgi 04-27 work…. filetype:pl 2004intext:”/usr/bin/perl” 12-01
inur…
2004- filetype:mdb 11-30 inurl:”news/news”
WebCal allows you to create and maintain an interactive events calendar or
scheduling system on… Web Wiz Site News unprotected database holds config and admin information in a
microsoft access…
2004- inurl:php.exe filetype:exe - It is possible to read any file remotely on the server with PHP.EXE (assuming a script 11-28 example.com alias fo… 2004- “Powered by Land Down 11-18 Under 601”
sQL injection vulnerability in Land Down Under 601 could give an attacker
2004- ext:asp “powered by 11-16 DUForum” inurl:(mess…
DUForum is one of those free forum software packages. The database location is
2004- ext:asp inurl:DUgallery 11-16 intitle:”3.0″ -s…
The MS access database can be downloaded from inside the docroot. The user table
2004- filetype:cgi 11-04 inurl:cachemgr.cgi
cachemgr.cgi is a management interface for the Squid proxy service. It was installed
2004“powered by YellDL” 10-31
Finds websites using YellDL (or also known as YellDownLoad), a download tracker
2004- inurl:click.php 10-27 intext:PHPClickLog
A script written in PHP 4 which logs a user’s statistics when they click on a link. The log is…
2004- “File Upload Manager 10-27 v1.3” “rename …
thepeak file upload manager let you manage your webtree with up and
2004- intitle:”phpremoteview” 10-26 filetype:php &qu…
phpRemoteView is webbased filemanger with a basic shell. With this an attacker
2004- intitle:”ASP FileMan” 10-19 Resend -site:iiswo…
FileMan is a corporate web based storage and file management solution for intra-
administrative access…
determined by th…
holds the admi…
by default…
written in PHP….
downloading files….
can browse the s…
and internet. …
2004ezBOO WebStats is a high level statistical tool for web sites monitoring. It ezBOO “Administrator Panel” -cvs 10-16 allows real time … 2004- intitle:mywebftp “Please enter 10-14 your password&…
MyWebFTP Free is a free lite version of MyWebFTP Personal– a PHP script
providing FTP client c…
2004Dirlist is an ASP script that list folders in an explorer style: * Tree * Detailed intitle:”Directory Listing” “tree v… 10-14 * Tiled … 2004inurl:changepassword.cgi -cvs 10-09
Allows a user to change his/her password for authentication to the system.
Script allows for r…
2004- inurl:” WWWADMIN.PL” 10-06 intitle:”wwwad…
wwwadmin.pl is a script that allows a user with a valid username and
2004inurl:cgi.asx?StoreID 10-05
BeyondTV is a web based software product which let you manage your TV
2004filetype:lit lit (books|ebooks) 09-18
Tired of websearching ? Want something to read ? You can find Ebooks
2004- PHP-Nuke – create super user
PHP-Nuke is a popular web portal thingie. It has popped up in the Google
09-13 right now !
dorks before. I think …
2004Gallery configuration setup files 09-10
Gallery is a popular images package for websites. Unfortunately, with so
2004- inurl:”nph-proxy.cgi” “Start 09-09 browsi…
Observing the web cracker in the wild, one feels like they are watching a
password, to delete files …
station. All you need is …
(thousands of them) with t…
many users, more bugs …
bear. Like a bear sto…
2004Toast Forums is an ASP message board on the Internet. Toast Forums also link:http://www.toastforums.com/ 09-06 has all the features of… 2004inurl:”plog/register.php” 09-06
pLog is a popular form of bloggin software. Currently there are estimated
2004- inurl:robpoll.cgi filetype:cgi 08-30
robpoll.cgi is used to administrate polls.The default password used for
2004- intitle:”PHP Explorer” ext:php 08-20 (inurl:ph…
This searches for PHP Explorer scripts. This looks like a file manager with
2004ext:cgi inurl:ubb6_test 08-13
The UBB trial version contains files that are not safe to keep online after
2004filetype:inc inc intext:setcookie 08-01
Cookies are often used for authentication and a lot of other stuff.The “inc” php head…
2004filetype:wsdl wsdl 08-01
The XML headers are called *.wsdl files.they can include data, functions or
2004filetype:cnf my.cnf -cvs -example 07-21
The MySQL database system uses my.cnf files for configuration. It can
about 1450 sites runn…
adding polls is ‘robpol…
some nice extra opt…
going live. The ins…
objects. An attacke…
include a lot of informat…
2004Programmers do strange things sometimes and forget about security. This filetype:php inurl:”viewfile” -“ind… 06-16 search is the perfect e… 2004- intitle:”Index of /” modified 06-10 php.exe 2014inurl:”/reports/rwservlet” intext:”… 02-05
PHP installed as a cgi-bin on a Windows Apache server will allow an attacker
to view arbitrary … Search Oracle Reports likely vulnerable to DB user/password disclosure (CVE-2012-3152 and CVE…
2013inurl:”struts” filetype:action 11-25
Google search for actoin files wich could be explotable via CVE-2013-
2251 “Multiple Remot…
inurl:.php? 2013inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin intext:CHARACTER_SETS,COLLATIONS, view phpMyAdmin of web sit… 08-08
?int…
2012inurl:/wp-content/w3tc/dbcache/ 12-31
– Jay Townsend…
2012- intext:SQL syntax & 12-31 inurl:index.php?=id & …
# Exploit Title: SQLI Exploit # Google Dork: intext:SQL syntax &
2012intext: intext: intext: intext: intext: 08-21
More than 100k sites affected It will show asp sites that are vulnerable to
2012intitle:awen+intitle:asp.net 05-15
Hi, This google dork exposes any already uploaded asp.net shells which
2012- intitle:”-N3t” filetype:php 05-15 undetectable
intitle:”-N3t” filetype:php undetectable Search WebShell indexed on a page. — …
2011- inurl:.php intitle:- BOFF 1.0 intext:[ 12-23 Sec. Info ]
This search attempts to find the BOFF 1.0 Shell. Author: alsa7r …
inurl:index.php?=id &…
sql injection (…
are available in Bac…
2011- filetype:php inurl:tiki-index.php 11-25 +sirius +1.9.*
Finds servers vulnerable to the CVE-2007-5423 exploit. Author: Matt
2011- filetype:php inanchor:c99 inurl:c99 11-24 intitle:c99she…
This search attempts to find the c99 backdoor that may be knowingly or
2011- inurl:php intitle:”Cpanel , FTP 11-19 CraCkeR” 2011intitle:#k4raeL – sh3LL 10-11
Jones …
unknowingly installed o… locates cpanel and ftp cracker. Author: alsa7r … intitle:#k4raeL – sh3LL Finds K4rael Shell , though many of them are dead
but we can get som…
201109-26 inurl:view.php?board1_sn=
locates a webapp vulnerable to SQL injection …
2011intitle:m1n1 1.01 07-26
find the b374k shell…. Submitted by : biLLbud …
2011intitle:Locus7shell intext:”Software:” Submitted by lionaneesh — Thanks intitle:Locus7shell intext:”Software:” 05-03 Ane… 2011intitle:”[EasyPHP] – Administration” 03-23
Unprotected EasyPHP Admin page detection.. Author: Aneesh Dogra
(lionaneesh) …
2011- MySQL: ON MSSQL: OFF Oracle: OFF Author :- eXeSoul You will get lots of web shells even some private 02-24 MSSQL: OFF Postgr… shells….
2011intitle:cyber anarchy shell 02-24
Submitter: eXeSoul cyber anarchy shell …
2010inurl:/vb/install/upgrade.php 12-10
Vbulletin custom updrade wizards. Author: ScOrPiOn…
2010inurl:/vb/install/install.php 12-10 2010- “CGI-Telnet Unit-x Team
Vbulletin installation wizards, allow users to modify installation parameters. May also rev
Locates CGI-Telnet web shells. Author: ScOrPiOn…
12-09 Connected to *.com&qu… 2010- “www.*.com – c99shell” OR 12-08 “www.*.ne…
Locates c99 web shells Author: ScOrPiOn…
2010- “safe_mode: * PHP version: * Locates r57 web shells Author: ScOrPiOn… 12-07 cURL: * MySQL… 2010“r57shell” 12-07
Locates r57 web shells Author: ScOrPiOn…
2010“r57shell 1.4” 12-07
Locates r57 web shells Author: ScOrPiOn…
2010- “[ phpinfo ] [ php.ini ] [ cpu ] [ Locates r57 web shells Author: ScOrPiOn… 12-07 mem ] … 2010- inurl:index.php?pagedb=rss 11-13 Vulnerability -inurl
CVE: 2007-4007 EDB-ID: 4221 This google dork possibly exposes sites with the Article Dir
2006- intitle:”Uploader – Uploader 05-03 v6″ -pixloa…
File upload servers, dangerous if used in couple with mytrashmail.com…
2006intitle:”MvBlog powered” 04-25
MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a fail
2006- intitle:”Horde :: My Portal” -
Hi It will give you administrative ownership over Horde webmail system plus all users in
02-03 “[Tic… 2006inurl:rpSys.html 01-22
Web configuration pages for various types of systems. Many of these systems are not
2006- filetype:pl intitle:”Ultraboard 01-16 Setup”
setup pages to the ultraboard system….
password pr…
2005- “Welcome to Administration” This reveals admin site for Argo Software Design Mail Server…. 09-17 “Genera… 2005XOOPS Custom Installation 09-16
XOOPS custom installation wizards, allow users to modify installation parameters. May al
reve…
2005- “you can now password” | 09-15 “this is a… 2005- “set up the administrator 07-03 user” inurl:pi… 2005“html allowed” guestbook 06-11 2005- “Powered by: vBulletin
IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER
via deta… Using this, you can find sites with a Pivot weblog installed but not set up. The default set When this is typed in google it finds websites which have HTML Enabled guestbooks. Thi
real… This google dork reveals vulnerable message boards. It works for all Vbulletin version up
03-19 Version 1.1.5” 2005This search brings up results for Novell NetWare’s Web Search Manager.. at best the site inurl:”/NSearch/AdminServlet” 01-26 … 2005inurl:servlet/webacc 01-06
I was playing around on the net when I found a small problem with Novell’s WebAcces. With User….
2004- “There are no Administrators 12-27 Accounts” i…
This is a more specific search for the vulnerable PhpNuke index already seen
2004- intitle:”Mail Server CMailServer 12-04 Webmail”…
CMailServer is a small mail webmail server. Multiple vulnerabilities were
2004- inurl:newsdesk.cgi? inurl:”t=” 11-07
Newsdesk is a cgi script designed to allow remote administration of website
2004- (inurl:/shop.cgi/page=) | 11-07 (inurl:/shop.pl/page=)
This is a “double dork” finds two different shopping carts, both vulnerable1) Cyber-V…
on this website.Ph…
found, including buff…
news headlines.Due …
2004AOL Journals BlogID Incrementing Discloses Account Names and Email inurl:aol*/_do/rss_popup?blogID= AddressesAOL Journals is bas… 11-06 2004- natterchat inurl:home.asp 11-05 site:natterchat.co.uk
NatterChat is a webbased chat system written in ASP.An SQL injection
vulnerability is identifie…
2004- intitle:phpMyAdmin “Welcome to phpMyAdmin is a tool written in PHP intended to handle the administration 10-31 phpMyAdmin ***…
of MySQL over the Web…
2004- intitle:phpMyAdmin “Welcome to search for phpMyAdmin installations that are configured to run the MySQL 08-21 phpMyAdmin ***… database with root pri… 2004“ftp://” “www.eastgame.net” 08-20
Use this search to find eastgame.net ftp servers, loads of warez and that sort
2004- intext:”Warning: * am able * 08-13 write ** configu…
OsCommerce has some security issues, including the following warning
2004- allinurl:”index.php” 07-29 “site=sglinks&…
Easyins Stadtportal v4 is a German Content Management System for cities
of thing.”t…
message: “Warning: I …
and regions. Version 4 …
2004- inurl:”index.php? 07-29 module=ew_filemanager”
http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb FileManager Module – http…
2004filetype:cgi inurl:”fileman.cgi” 07-26
This brings up alot of insecure as well as secure filemanagers. These software
solutions are of…
2004Zero X reported that “Web_Store.cgi” allows Command Execution:This filetype:cgi inurl:”Web_Store.cgi” 07-26 application was wr… 2004-
(“Indexed.By”|”Monitored.By”) …
hAcxFtpScan – software that use ‘l33t h@x0rz’ to monitor their file stroz on
07-26
ftp. On the ftp se…
2004- “Welcome to the Prestige Web06-04 Based Configurat…
This is the configuration screen for a Prestige router. This page indicates that
2004filetype:php inurl:vAuthenticate 06-04
vAuthenticate is a multi-platform compatible PHP and MySQL script which
2004- intitle:”Samba Web 05-04 Administration Tool” …
This search reveals wide-open samba web adminitration servers. Attackers can change options on …
2004- intitle:”Gateway Configuration 04-28 Menu”
This is a normally protected configuration menu for Oracle Portal Database
the router has…
allows creation of new …
Access Descriptors (…
2004- inurl:pls/admin_/gateway.htm This is a default login portal used by Oracle. In addition to the fact that this file can be us… 04-28 2004allinurl:install/install.php 04-06
Pages with install/install.php files may be in the process of installing a new
2004allinurl:intranet admin 03-29
According to whatis.com: “An intranet is a private network that is contained within an ent…
2004- “Select a database to view” 03-29 intitle:&quo…
An oldie but a goodie. This search locates servers which provides access to
2004- “Welcome to PHP-Nuke”
This finds default installations of the postnuke CMS system. In many cases,
03-18 congratulations
default installatio…
2004inurl:info.inc.php 03-14
From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 – 0…
2004inurl:footer.inc.php 03-14
From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 – 0…
2004inurl:search.php vbulletin 03-04
Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting
0000“Welcome to Intranet” 00-00
According to whatis.com: “An intranet is a private network that is contained within an ent…
service or progr…
Filemaker pro datab…
vulnerabilit…
2004- intitle:”Remote Desktop Web Microsoft Remote Desktop Connection Web Connection pages. These pages are 03-04 Connection” not necessarily insec… 2004- intitle:”Terminal Services Web Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, sine… 03-04 Connection&quo… 2004inurl:ManyServers.htm 03-04
Microsoft Terminal Services Multiple Clients pages. These pages are not
2004- intitle:osCommerce
This is a decent way to explore the admin interface of osCommerce e-commerce
03-04 inurl:admin intext:”redist…
sites. Depending o…
necessarily insecure, s…
2004Gallery is a nice little php program that allows users to post personal pictures on Gallery in configuration mode 03-04 their websi… 2004“YaBB SE Dev Team” 03-04
Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps
others) contain an S…
2003- Hassan Consulting’s Shopping These servers can be messed with in many ways. One specific way is by way of 07-08 Cart Version 1.18 the “../”… 2005- intext:”Powered by XX-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn’t 06-03 Cart: shopping cart soft… seem to be … 2005- intext:”powered by 05-29 Hosting Controller” i…
Description:==============Hosting Controller is a complete array of Web hosting
automation tool…
site:ups.com 2004Ever use the UPS Automated Tracking Service?? Wanna see where packages are intitle:"Ups Package 11-25 going? Want to Man-i… trackin… 2004inurl:midicart.mdb 10-10
MIDICART is s an ASP and PHP based shopping Cart application with MS Access and
2004- “More Info about 10-10 MetaCart Free”
MetaCart is an ASP based shopping Cart application with SQL database. A security
200410-10 inurl:shopdbtest.asp
shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script al…
SQL database. A…
vulnerability …
2004Comersus is an e-commerce system and has been installed all over the world in more Comersus.mdb database 07-12 than 20000 s… 2004- VP-ASP Shop 06-25 Administrators only
VP-ASP (Virtual Programming– ASP) has won awards both in the US and France. It is
2004- POWERED BY HIT 06-06 JAMMER 1.0!
Hit Jammer is a Unix compatible script that allows you to manage the content and
now in use i…
traffic exchan…
2014 -02- “[function.getimagesize]: failed to open stre… 05
Just another error that reveals full paths…
2014 -02- intext:”Access denied for” intitle:”… 05 2013 inurl:advsearch.php?module= & intext:sql -04synta… 09 2012 -12- intext:”Fatal error: Class ‘Red_Action’ not f…
Here is a Dork I use in conjunction with sqlmap, for shopping
carts with MySQL Error messages…
Exploit Title : SQLI Exploit Google Dork :
inurl:advsearch.php?module= & intext:sql syntax…
Dork to find Plugin errors in wordpress websites Dork–
intext:”Fatal error: Class ‘Red_A…
06 2012 -08- “CHARACTER_SETS” “COLLATION_CHARACT… 21
“CHARACTER_SETS”+”COLLATION_CHARACTER_SET_APPLICABI LITY” find sql injectab…
2012 -05- inurl:”*.php?*=*.php” intext:”Warni… 15
PHP Error Messages…
2011 Author: eidelweiss inurl:”index.php?m=content+c=rss+catid=10&q -01http://host/index.php?m=content&c=rss&catid=5 show MySQL uo… Error (tabl… 21 2010 -12- “plugins/wp-db-backup/wp-db-backup.php” 08
Many of the results of the search show error logs which give an attacker the server side paths …
2010 -11- allintext:”fs-admin.php” 11
A foothold using allintext:”fs-admin.php” shows the world readable directories of a p…
2006 -06- intitle:”Apache Tomcat” “Error Repo… 15 2006 -04- “Unable to jump to row” “on MySQL r… 25
Apache Tomcat Error messages. These can reveal various kinds
information depending on the type …
another error message…
2006 -04- “Warning: Bad arguments to (join|implode) () … and another error. open it from cache when not working…. 25 2006 -04- “Warning:” “failed to open stream: … 25
Just another error message….
2006 This dork reveals logins to databases that were denied for some -04- “Warning: mysql_connect(): Access denied for …
reason….
25
2006 -04- “Warning: Division by zero in” “on … 25 2006 -03- filetype:asp + “[ODBC SQL” 13
Just another error that reveals full paths….
This search returns more than just the one I saw already here.
This one will return all ODBC SQ…
2005 -09- “Warning:” “SAFE MODE Restriction i…
This error message reveals full path information. Recommend
use of site: operator to narrow sea…
25 2005 -09- “Warning: Supplied argument is not a valid Fi… 25 2005 “There seems to have been a problem with -08the&… 16 2005 -04- intitle:”Default PLESK Page” 26 2005- “Parse error: parse error, 04-26 unexpected T_VARIA…
This error message cqan reveal path information. This message (like other error messages) is of…
search reveals database errors on vbulletin sites. View the page
source and you can get informa…
Plesk Server Administrator (PSA) is web based software that
enables remote administration of we…
PHP error with a full web root path disclosure…
"SQL Server 2005Driver][SQL Server]Line 1: you can find many servers infected with sql injection… 04-07
In…
2005- Netscape Application 04-05 Server Error page
This error message highlights potentially unpatched or misconfigured Netscape
2005- intext:”Error Message : 01-26 Error loading require…
This throws up pages which contain “CGI ERROR” reports – which include the file (and …
Application Serve…
2004- “Warning: mysql_query()” MySQL query errors revealing database schema and usernames…. 11-28 “invalid q… 2004- intitle:Configuration.File 11-13 inurl:softcart.exe 2004- “The script whose uid is ” 10-16 “is not …
This search finds configuration file errors within the softcart application. It includes
the na… This PHP error message is revealing the webserver’s directory and user ID….
2004snitz forums uses a microsoft access databases for storage and the default name is snitz! forums db path error 09-07 “Snitz_… 2004- filetype:log “PHP Parse
This search will show an attacker some PHP error logs wich may contain
08-14 error” | “P…
information on wich an a…
2004- “ASP.NET_SessionId” “data .NET pages revealing their datasource and sometimes the authentication 07-26 source=&q… credentials with it. The… 2004- “ORA-12541: TNS:no 07-16 listener” intitle:&qu…
In many cases, these pages display nice bits of SQL code which can be used by an attacker to mo…
2004- filetype:php 07-16 inurl:”logging.php” “D…
Discuz! Board error messages related to MySQL. The error message may be empty
2004- “Internal Server Error”
We have a similar search already, but it relies on “500 Internal Server” which
07-16 “server at&…
doesn’…
2004- PHP application warnings 07-14 failing “include_pat…
These error messages reveal information about the application that created them
2004- intext:”Warning: Failed 07-09 opening” “o…
These error messages reveal information about the application that created them
2004ht://Dig htsearch error 06-24
The ht://Dig system is a complete world wide web indexing and searching system for a domain or …
2004- intitle:”Error Occurred 06-24 While Processing Requ…
Cold fusion error messages logging the SQL SELECT or INSERT statements and the
2004- intitle:”Error using 06-15 Hypernews” “Se…
HyperNews is a cross between the WWW and Usenet News. Readers can browse
2004- “Invision Power Board 05-28 Database Error”
These are SQL error messages, ranging from to many connections, access denied to
2004- “error found handling the 07-29 request” cocoo…
Cocoon is an XML publishing framework. It allows you to define XML documents
or contain path i…
as well as reve…
as well as reve…
location of the …
through the messages w…
user xxx, show…
and transformation…
2004- intitle:”Execution of this 04-28 script not permitt…
This is a cgiwrap error message which displays admin name and email, port numbers,
2004- intitle:”Error Occurred”
This is a typical error message from ColdFusion. A good amount of information is
04-19 “The error… 2004- warning “error on line” 03-11 php sablotron
available from…
2004- “Fatal error: Call to 03-16 undefined function”…
This error message can reveal information such as compiler used, language used, line
2004- filetype:asp “Custom 03-16 Error Message” Cate…
This is an ASP error message that can reveal information such as compiler used,
2004- “Can’t connect to local” 03-04 intitle:warning
Another SQL error message, this message can display database name, path names
path names, …
sablotron is an XML toolit thingie. This query hones in on error messages generated
by this too…
numbers, p…
language used, …
and partial SQL c…
2004- intitle:”Under 03-04 construction” “does …
This error message can be used to narrow down the operating system and web
2004- “access denied for user” 03-04 “using pas…
Another SQL error message, this message can display the username, database, path
server version which…
names and part…
2004- “Warning: Cannot modify A PHP error message, this message can display path names, function names, 03-04 header information– … filenames and partial… 2004- “Warning: pg_connect():
This search reveals Postgresql servers in yet another way then we had seen before.
08-25 Unable to connect to …
Path informa…
An unexpected token 2004“END-OF-STATEMENT” 03-04
A DB2 error message, this message can display path names, function names,
w…
filenames, partial co…
2004- “detected an internal 03-04 error [IBM][CLI Driver]…
A DB2 error message, this message can display path names, function names,
2004- “A syntax error has 03-04 occurred” filetype:i…
An Informix error message, this message can display path names, function names,
2004- “An illegal character has 03-04 been found in the s…
An Informix error message, this message can display path names, function names,
2004- “Syntax error in query 03-04 expression ” -the
An Access error message, this message can display path names, function names,
filenames, partial co…
filenames and p…
filenames and p…
filenames and par…
2004- supplied argument is not An PostgreSQL error message, this message can display path names, function names, 03-04 a valid PostgreSQL result filenames and… 2004- “PostgreSQL query failed: An PostgreSQL error message, this message can display path names, function names, 03-04 ERROR: parser: pa… filenames and… 2004“Incorrect syntax near” 03-04
An SQL Server error message, this message can display path names, function names,
200403-04 “Incorrect syntax near”
An SQL Server error message, this message can display path names, function names,
filenames and…
filenames and…
2004- “Unclosed quotation mark An SQL Server error message, this message can display path names, function names, 03-04 before the character… filenames and…
“ORA-00933: SQL 2004command not properly 03-04 ended&qu…
An Oracle error message, this message can display path names, function names,
filenames and par…
2004- ORA-00921: unexpected Another generic SQL message, this message can display path names, function 03-04 end of SQL command names, filenames and… 2004- ORA-00936: missing
A generic ORACLE error message, this message can display path names, function
03-04 expression
names, filenames …
2004- “Supplied argument is not Another generic SQL message, this message can display path names, function 03-04 a valid MySQL resul… names, filenames and… 2004sQL syntax error 03-04
Another generic SQL message, this message can display path names and partial SQL
2004mysql error with query 03-04
Another error message, this appears when an SQL query bails. This is a generic
2004-
This one shows the type of web server running on the site, and has the ability to
Internal Server Error
code, both of …
mySQL message, s…
03-04
show other in…
2004- IIS web server error 03-04 messages
This query finds various types of IIS servers. This error message is fairly indicative of
a som…
2004- Windows 2000 web server Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box…… 03-04 error messages 2004IIS 4.0 error messages 03-04
IIS 4.0 servers. Extrememly old, incredibly easy to hack……
2004sitebuilderpictures 03-04
This is a default directory for the sitebuilder web design software program. If these
2004- sitebuilderfiles 03-04
This is a default directory for the sitebuilder web design software program. If these
2004sitebuildercontent 03-04
This is a default directory for the sitebuilder web design software program. If these
people po…
people po…
people po…
2004- ORA-00921: unexpected Another SQL error message from Cesar. This one coughs up full web pathnames 01-09 end of SQL command and/or php filename… 2003- “Chatologica MetaSearch” There is soo much crap in this error mess age… Apache version, CGI environment 08-15 “stack tra… vars, path name… 2003- MYSQL error message: 06-24 supplied argument….
One of many potential error messages that spew interesting information. The results
2003Coldfusion Error Pages 06-24
These aren’t too horribly bad, but there are SO MANY of them. These sites got googlebotted whil…
2012inurl:finger.cgi 11-02
of this mes…
Finger Submitted by: Christy Philip Mathew…
2012- site*.*.*/webalizer 08-21 intitle:”Usage Statistics…
Shows usage statistics of sites. Includes monthy reports on the IP addresses, user
2006- intitle:r57shell +uname 05-04 bbpress
compromised servers… a lot are dead links, but pages cached show interesting info, this is r5…
agents, and …
2006- “The statistics were last 05-03 updated” “… 2006- inurl:/counter/index.php 04-06 intitle:”+PHPCounter…
Results include many varius Network activity logs… This is an online vulnerable web stat program called PHPCounter
7.http://www.clydebelt.org.uk/c…
2006- inurl:”NmConsole/Login.asp” Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring, 03-13 | intitle:&q… access beyond the p… 2006- inurl:CrazyWWWBoard.cgi
gives tons of private forum configuration information.examples: Global variables
02-08 intext:”detailed debu…
installed, wha…
2005inurl:ovcgi/jovw 12-31
An HP Java network management tool. It is a sign that a network may not be configured properly….
2005- inurl:proxy | inurl:wpad 12-21 ext:pac | ext:dat findpro…
Information about proxy servers, internal ip addresses and other network
sensitive stuff….
2005- inurl:webalizer filetype:png - ***WARNING: This search uses google images, disable images unless you want 11-21 .gov -.edu -.mil -op… your IP spewed acros… 2005- intitle:”Retina Report” 10-26 “CONFIDENTI…
This googledork finds vulnerability reports produced by eEye Retina Security
2005- “Shadow Security Scanner 10-26 performed a vulnerab…
This is a googledork to find vulnerability reports produced by Shadow Security
2005- “The following report 10-26 contains confidential i…
This googledork reveals vunerability reports from many different vendors. These
2005inurl:status.cgi?host=all 10-04
Nagios Status page. See what ports are being monitored as well as ip addresses.Be
2005inurl:login.jsp.bak 09-30 2005- intitle:”Belarc Advisor 02-15 Current Profile”…
Scanner. The info…
Scanner. They c…
reports can co…
sure to check… JSP programmer anyone? You can read this!… People who have foolishly published an audit of their machine(s) on the net with
some server in…
2005- “Traffic Analysis for” “RMON List of RMON ports produced by MRTG which is a network traffic analysis tool. See 03-05 Port *… also #198… 2005- “powered | performed by 02-03 Beyond Security’s Aut…
This search finds Beyond Security reports. Beyond Security sells a box which
2004- intitle:”PHPBTTracker 12-30 Statistics” | inti…
This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers – all the …
2004intitle:”BNBT Tracker Info” 12-30
This query shows pages which summarise activity on BNBT-powered BitTorrent trackers – including…
performs automated…
2004- intitle:”Azureus : Java BitTorrent 12-30 Client Tra…
This query shows machines using the Azureus BitTorrent client’s built-in tracker – the pages ar…
2004inurl:”install/install.php” 12-29
This searches for the install.php file. Most results will be a Bulletin board like
2004- intext:”Welcome to the Web 12-07 V.Networks” i…
see and control JVC webcameras, you can move the camera, zoom… change the settings, etc…….
Phpbb etc.T…
2004- intitle:”start.managing.the.device” MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for 12-10 remo…
remote PBX access(MCK…
2004ext:cfg radius.cfg 12-06
“Radiator is a highly configurable and flexible Radius server that supports authentication…
2004- filetype:php inurl:ipinfo.php 12-07 “Distributed In…
Dshield is a distributed intrusion detection system. The ipinfo.php script
includes a whois loo…
2004Mercury SiteScope designed to ensure the availability and performance of inurl:”sitescope.html” intitle:”sit… 12-03 distributed IT infrast… 2004- intitle:”twiki” 12-02 inurl:”TWikiUsers&q…
TWiki has many security problems, depeding on the version installed. TWiki,
2004- “Phorum Admin” “Database 11-28 Connection…
Phorum admin pagesThis either shows Information leakage (path info) or it
is a flexible, powe…
shows Unprotected Adm…
2004sysWatch is a CGI to display current information about your UNIX system. It “Output produced by SysWatch *” can display drive p… 11-28 2004inurl:testcgi xitami 11-28
Testpage / webserver environmentThis is the test cgi for xitami webserver. It
2004- filetype:log 11-28 intext:”ConnectionManager2″
ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip addresses, phon…
2004- intitle:”sysinfo * ” 11-12 intext:”Genera…
Lots of information leakage on these pages about active network services,
2004- inurl:portscan.php “from 11-12 Port”|”Por…
This is general search for online port scanners which accept any IP. It does
2004inurl:/adm-cfgedit.php 11-07
PhotoPost Pro is photo gallery system. This dork finds its installation
2004inurl:webutil.pl 11-07
webutil.pl is a web interface to the following services:* ping* traceroute*
2004inurl:statrep.nsf -gov 10-20
Domino is server technology which transforms Lotus Notes® into an Internet a…
shows the webserv…
server info, network …
not find a specifi…
page.You can use this p…
whois* finger* nslo…
2004The finger command on unix displays information about the system users. inurl:/cgi-bin/finger? “In real life” 10-19 This search displays pr… 2004- inurl:/cgi-bin/finger? Enter 10-19 (account|host|user|us…
The finger command on unix displays information about the system users.
2004- filetype:php inurl:nqt 10-18 intext:”Network Query …
Network Query Tool enables any Internet user to scan network information
This search displays th…
using:* Resolve/Revers…
2004- inurl:”map.asp?”
“WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily track
10-05 intitle:”WhatsUp G…
variables associate…
2004- ext:cgi intext:”nrg-” ” This NRG is a system for maintaining and visualizing network data and other resource utilization dat… 09-29 web pa… 2004- ((inurl:ifgraph “Page 09-29 generated at”) OR …
ifGraph is a set of perl scripts that were created to fetch data from SNMP agents
2004- inurl:”/catalog.nsf” 09-10 intitle:catalog
This will return servers which are running versions of Lotus Domino. The catalog.nsf
and feed a RR…
is the ser…
2004- “Powered by phpOpenTracker is a framework solution for the analysis of website traffic and 09-21 phpOpenTracker” Statistics visitor analysis… 2004- site:netcraft.com intitle:That.Site.Running 09-21 Apache
Netcraft reports a site’s operating system, web server, and netblock owner together with, if av…
2004- “this proxy is working 08-13 fine!” “ente…
These are test pages for some proxy program. Some have a text field that allows
2004“apricot – admin” 00h 07-29
This search shows the webserver access stats as the user “admin”. The language used i…
2006- “by Reimar Hoven. All 04-15 Rights Reserved. Discla…
dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta&…
200407-16 intitle:”Microsoft Server Analysis” Site
Microsoft Site Server and Site Server Commerce Edition on June 1, 2001 with discontinued the in…
2004- Analysis Console for 07-12 Incident Databases
ACID stands for for “Analysis Console for Incident Databases”. It is a php frontend f…
2004Looking Glass 06-22
A Looking Glass is a CGI script for viewing results of simple queries executed on
2004- “Version Info” “Boot 06-04 Version” …
This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved
you to use that…
remote router…
from this …
2004- intitle:”ADSL Configuration This is the status screen for the Solwise ADSL modem. Information available from this page incl… 06-04 page”
2004- filetype:vsd vsd network - Reveals network maps (or any other kind you seek) that can provide sensitive 05-13 samples -examples information such a… 2004- filetype:pdf “Assessment 05-03 Report” nessus
These are reports from the Nessus Vulnerability Scanner. These report contain
detailed informat…
2004- inurl:phpSysInfo/ “created This statistics program allows the an admin to view stats about a webserver. Some 04-16 by phpsysinfo”… sites leave t… 2004-
“SnortSnarf alert page”
04-16
snort is an intrusion detection system. SnorfSnarf creates pretty web pages from
intrusion dete…
2004- “Network Host Assessment This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and 03-30 Report” “I… networks. … 2004- “This report lists” 03-30 “identified by … 2004- intitle:”Nessus Scan 03-30 Report” “This … 2014 filetype:pdf “acunetix -03website audit” &q… 31
This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and
networks. … This search yeids nessus scan reports. Even if some of the vulnerabilities have been
fixed, we …
Finds reports generated by Acunetix scans. – Andy G – twitter.com/vxhex …
2014 inurl:clientaccesspolicy Locates clientaccesspolicy.xml files used by silverlight to determine the cross domain -03- filetype:xml policy … 27 intext:allow… 2014 inurl:crossdomain -03- filetype:xml 27 intext:allow-access… 2014 site:bitbucket.org -02inurl:.bash_history 05
Locates crossdomain.xml files used by flash/flex/silverlight to determine the cross
domain pol…
Finding Sensitive data site:bitbucket.org inurl:.bash_history By Pharos …
2013 intext:phpMyAdmin SQL intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, -11- Dump filetype:sql `password`) V… 27 intext:INS… 2013 inurl:mikrotik -11filetype:backup 27 2013 filetype:xml -11inurl:sitemap 25 2013 inurl:”jmx-
mikrotik url backups uploaded.. then.. credentials cracked via
http://mikrotikpasswordrecove…
Sitemaps, the opposite of Web Robots Exclusion Detail directory and page map — -
[Volun… JBoss
-11- console/HtmlAdaptor” http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to 25 intitle:… _the_J…
2013 -11- inurl:tar filetype:gz 25
Tar files Contain user and group information (in addition to potentially useful files) — …
2013 filetype:bak (inurl:php | This one could be used to find all sorts of backup data, but this example is limited to just -11c… inurl:asp | inurl:rb) 25 2013 site:github.com -11- inurl:”id_rsa” 25
Finds private SSH keys on GitHub. – Andy G – twitter.com/vxhex …
inurl:&q…
2013 site:github.com -11- inurl:”known_hosts” 25 &quo… 2013 inurl:/wp-11- content/uploads/ 25 filetype:sql
Finds SSH known_hosts files on GitHub. – Andy G – twitter.com/vxhex …
Google dork for WordPress database backup file (sql): inurl:/wp-content/uploads/
filetype:sq…
2013 inurl:config “fetch = -11- +refs/heads/*:refs/rem Git config file Easy way to find Git Repositories — -[Voluntas Vincit Omnia]-website… 25 o… 2013 filetype:php Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/) Can -11- intext:”PROJECT HONEY identify the … 25 POT ADDRES… 2013 inurl:github.com -11- intext:sftp-conf.json 25 +intext:/wp…
Find FTP logins and full path disclosures pushed to github inurl:github.com intext:sftp-
conf…
2013 inurl:*/webalizer/* -09- intitle:”Usage 24 Statistics…
*Obrigado,* …
2013 -09- intitle:index.of intext:.ssh 24
Find peoples ssh public and private keys – tmc / #havok …
2013 filetype:txt This dork can be used to find symlinked WordPress configuration files of other web sites -08inurl:~~Wordpress2.txt … 08 2013 filetype:txt inurl:wp-08config.txt 08
Easily hunt the WordPress configuration file in of remote web sites Author : Un0wn_X …
2013inurl:~~joomla3.txt filetype:txt 08-08
By this dork you can find juicy information joomla configuration files
Author: Un0wn_X …
2013- intitle:”WAMPSERVER Homepage” & 08-08 inte…
#Summary: Wampserver Homepage free access (*http://www.wampserver.com/).*#Author: g00gl3 5c0u…
2013inurl:wp-content/uploads/dump.sql 08-08
This is *Mohan Pendyala* (penetration tester) from india. Google Dork: *inurl:wp-content/u…
2013inurl:fluidgalleries/dat/login.dat 08-08
Works with every single fluidgalleries portofolio sites. Just decrypt the
2013-
“information_schema” filetype:sql
MD5 hash and login on… Dork: “information_schema” filetype:sql By: Cr4t3r …
08-08 2013- inurl:”zendesk.com/attachments/token” zendesk is good ticketing system . It has thousands of clients. with the 08-08 si… above dork you can s… 2013allintext: /iissamples/default/ 04-23
Searching for “allintext: /iissamples/default/” may provide interesting informatio…
2013- filetype:php -site:php.net intitle:phpinfo Tries to reduce false positive results from similar dorks. Finds pages 04-22 “p… containing output from … 2013- filetype:ini “This is the default settings 04-22 fi…
Finds PHP configuration files (php.ini) that have been placed in indexed
2013- inurl:”php?id=” intext:”DB_Error Ob… 04-09
Description: Files containing juicy info Author:ruben_linux …
2013ext:gnucash 02-05
*Google Search:* http://www.google.com/search?q=ext:gnucash
2013runtimevar softwareVersion= 02-05
Hits: 807 Config file from Thomson home routers, sometimes it
2012- inurl:admin intext:username= AND 12-31 email= AND passwo…
folders. Php.ini defi…
*Description:* Find Gnucas…
contains password’s and user’s … — nitish mehta …
2012- inurl:newsnab/www/ 12-06 automated.config.php
Usenet Accounts from Newsnab configs inurl:newsnab/www/
2012inurl:.com/configuration.php-dist 11-02
Finds the configuration files of the PHP Database on the server. By
2012filetype:avastlic 08-21
Lots of Avast Licenses . Author : gr00ve_hack3r
2012- filetype:docx Domain Registrar $user 08-21 $pass
Dork :- *filetype:docx Domain Registrar $user $pass* Use :- *To find
automated.config.php Author: rmccurd…
Chintan GurjarRahul Tygi…
www.gr00vehack3r.wordpress.com …
domain login password fo…
2012- inurl:”phpmyadmin/index.php” 08-21 intext:&quo…
This dork finds unsecured databases …
2012- intext:”Thank you for your 05-15 purchase/trial of …
This dork can fetch you Avast product licenses especially Avast
Antiviruses , including Profes…
2012?intitle:index.of?”.mysql_history” 05-15
Find some juicy info in .mysql_history files enjoy bastich …
2012intext:”~~Joomla1.txt” title:”Index… 05-15
intext:”~~Joomla1.txt” title:”Index of /” Get all server configs files…
2011allintext:D.N.I filetype:xls 12-27
This Query contains sensitive data (D.N.I
2011- List of Phone Numbers (In XLS File ) 12-19 allinurl:tele…
This is a dork for a list of Phone Private Numbers in Argentina. Author:
) in a xls format (excel)
and D.N.I for People of…
Luciano UNLP …
2011- Microsoft-IIS/7.0 intitle:index.of name IIS 7 directory listing. Author: huang … 12-19 size 2011- Google Dork inurl:Curriculum Vitale 12-16 filetype:doc (…
This dork locates Curriculum Vitale files. Autho r: Luciano UNLP …
2011- Google Dork For Social Security Number This dork locates social security numbers. Author: Luciano UNLP … 12-16 ( In Spain … 2011filetype:old (mysql_connect) () 11-24
There are three of mysql_connects but that all search in .inc or
warnings, non search for .old…
2011- filetype:old this dork locates backed up config files filetype:php~ 11-24 (define)(DB_USER|DB_PASS|DB_NAME)(define)(DB_USER|DB_PASS|DB_NAME) file… 2011- filetype:reg reg HKEY_CURRENT_USER this dork locates registry dumps … 11-19 SSHHOSTKEYS 2011this dork finds mostly backed up configuration.php files. Its possible to intitle:index.of? configuration.php.zip change the *.zip to … 11-19 2011inurl:”/includes/config.php” 11-19
The Dork Allows you to get data base information from config files.
201111-19 inurl:”trace.axd” ext:axd “Applicat…
example google dork to find trace.axd, a file used for debugging asp
2011- +intext:”AWSTATS DATA FILE” 09-26 filetype:txt
Shows data downloads containing statistics on the site.Made by
2011- filetype:ini “Bootstrap.php” 08-25 (pass|passw…
Zend application ini, with usernames, passwords and db info love
2011filetype:pem “Microsoft” 07-26
Microsoft private keys, frequently used for servers with UserID on the same page. — Sha…
2011- inurl:server-info intitle:”Server 07-26 Information…
Juicy information about the apache server installation in the website.
Author: XeNon …
that reveals full http re…
AwstatsThe best dork for that sy…
Bastich …
— *Regards, Fady …
2011- inurl:/push/ .pem apns -“push 07-18 notifications&q…
iphone apple push notification system private keys, frequently
2011- site:stashbox.org cv Or resume OR 07-18 curriculum vitae…
Searches StashBox for publicly avaliable PDF’s or .doc files containing information used in a…
2011- site:mediafire.com cv Or resume OR 07-18 curriculum vita…
Searches Mediafire for publicly avalia ble PDF’s containing information
2011- site:docs.google.com intitle:(cv Or
Searches GoogleDocs for publicly avaliable PDF’s containing
07-18 resume OR curr…
information used in a CV/Resume/Cu…
unencrypted, frequently with De…
used in a CV/Resume/Cur…
2011Searches Dropbox for publicly avaliable PDF’s containing site:dl.dropbox.com filetype:pdf cv OR curriculum … information used in a CV/Resume/Curri… 07-01 2011inurl:sarg inurl:siteuser.html 05-26
Submitter: pipefish Squid User Access Reports that show
2011filetype:xls + password + inurl:.com 05-03
The filetype:xls never changes What is inbtween then +
users’ browsing history t…
sings can be what ever you are looking …
2011Site: google.com/latitude– This is a free application where allinurl:http://www.google.co.in/latitude/apps/bad… 05-03 you can track your PC, laptop and… 2011- intext:db_pass inurl:settings.ini 02-24
Submitter: Bastich mysql.nimbit.com dashboard settings…
2011inurl:app/etc/local.xml 02-19
Magento local.xml sensitive information disclosure Author: Rambaud Pierre…
2010allinurl:/xampp/security.php 12-13
XAMPP Security Setting Page Information Disclosure.
2010inurl:phpinfo.php 12-10
Locates phpinfo files. A phpinfo file Outputs a large
2010-
locates the default configuration file for vBulletin
inurl:”config.php.new” +vbulletin
Author: modpr0be …
amount of information about the current s…
12-07
(/includes/config.php.new) Author: MaXe…
2010inurl:configuration.php-dist 12-07
locates the default configuration file of JOOMLA Author:
ScOrPiOn …
2010filetype: log inurl:”access.log” +intext… 11-25
Match some apache access.log files. Author: susmab…
2010“Cisco PIX Security Appliance Software Versio… 11-10
Google search for Pix Authorization Keys Author: fdisk…
2010This search locates private SSHHostkeys. Author: filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS 11-10 loganWHD…
2006intitle:”AppServ Open Project *” “A… 10-02
Often includes phpinfo and unsecured links to
2006intitle:”LOGREP – Log file reporting system&q… 03-21
Logrep is an open source log file Extraction and Reporting
2006(intitle:”PRTG Traffic Grapher” inurl:&q… 03-18
PRTG Traffic Grapher is Windows software for monitoring
2006-
Joomla! is a Content Management System (CMS) created
intitle:”Joomla – Web Installer”
phpmyadmin….
System by ITeF!x. This dork finds t…
and classifying bandwidth usage. It pro…
03-18
by the same team that brought the Mambo CM…
2006“not for public release” -.edu -.gov -.m… 02-22
if you search through lots of these then you find some
2006intext:ViewCVS inurl:Settings.php 01-16
CVs is a software used to keep track of changes to
2006inurl:build.err 01-16
General build error file. Can tell what modules are
2005inurl:/cgi-bin/pass.txt 12-22
really juicy things, there files from po…
websites. You can review all updates and pre…
installed, the OS the compiler the language… Passwords…
2005- (intitle:WebStatistica WebStatistica provides detailed statistics about a web page. Normally you would 12-19 inurl:main.php) | (intitle:… have to login … 2005- inurl:wp-mail.php + “There This is the WordPress script handling Post-By-Email functionality, the search is 11-24 doesn’t seem to b… focussed on th… 2005- intitle:”Welcome to FAn attacker may want to know about the antivirus software running. The 11-16 Secure Policy Manager S… description says he can… intitle:Bookmarks 2005inurl:bookmarks.html 10-22
AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in
200510-04 intitle:”urchin (5|3|admin)” ext:cgi
Gain access to Urchin analysis reports….
“Bookm…
bookmarks.html. It is often …
2005- rdbqds -site:.edu -site:.mil - Ceasar encryption is a rather simple encryption. You simply shift letters up or down 09-08 site:.gov across the… 2005contacts ext:wml 08-23
Forget Bluetooth Hacking! You’ll be amazed, at how many people sync their Cell Phones to the sa…
2005- intitle:”curriculum vitae” 08-12 filetype:doc
Hello. 1. It reveals personal datas, often private addresses, phone numbers, e-mails,
2005- intitle:”admin panel” 08-16 +”Powered by …
This finds all versions of RedKernel Referer Tracker(stats page) it just gives out
how many …
some nice in…
2005- ext:(doc | pdf | xls | txt | 07-30 ps | rtf | odt | sxw …
Although this search is a bit broken (the file extensions don’t always work), it reveals intere…
2005- site:www.mailinator.com 07-24 inurl:ShowMail.do
Mailinator.com allows people to use temporary email boxes. Read the site, I won’t explain here….
2005allinurl:cdkey.txt 07-21
cdkeys…
2005-
filetype:PS ps
PS is for “postscript”…which basically means you get the high quality press data fo…
07-08 2005filetype:QBW qbw 06-21
Quickbooks is software to manage your business’s financials. Invoicing, banking, payroll, etc, …
2005inurl:XcCDONTS.asp 06-07
This query reveals an .asp script which can often be used to send anonymous
emails from fake se…
2005ext:DCA DCA 04-27
IBM DisplayWrite Document Content Architecture Text File…
2005ext:ccm ccm -catacomb 04-27
Lotus cc:Mail Mailbox file…
2005- ext:CDX CDX 04-27
Visual FoxPro database index…
2005ext:DBF DBF 04-27
Dbase DAtabase file. Can contain sensitive data like any other database….
2005ext:jbf jbf 04-27
There is a full path disclosure in .jbf files (paint shop pro), which by itself is not
2005- ext:plist filetype:plist 04-26 inurl:bookmarks.plist
These Safari bookmarks that might show very int eresting info about a user’s
2005-
ICalender Fileder that can contain a lot of useful information about a possible
ext:ics ics
a vulner…
surfing habits…
04-26
target….
2005- “MacHTTP” filetype:log 04-26 inurl:machttp.log
MacHTTP is an webserver for Macs running OS 69.x. It’s pretty good for older
2005WebLog Referrers 03-30
ExpressionEngine is a modular, flexible, feature-packed web publishing system
2005- “#mysql dump” filetype:sql 02-28 21232f297a57a…
this is a mod of one of the previous queries posted in here. the basic thing is,
2005filetype:ora tnsnames 02-15
This searches for tns names files. This is an Oracle configuration file that sets
Macs but the defa…
that adapts to a …
to add this:21…
up connectio…
2005These pages contain hotmail messages that were saved as HTML. These inurl:getmsg.html intitle:hotmail 03-02 messages can contain anythi… 2005+”HSTSNR” -“netop.com” 02-28
This search reveals NetOp license files. From the netop website: “NetOp Remote Control is …
2005- intitle:”web server status” SSH 02-15 Telnet
simple port scanners for most common ports…
2005- -site:php.net -“The PHP Group” scripts to view the source code of PHP scripts running on the server. Can be 02-15 inurl:sou…
very interesting i…
2005inurl:netscape.hst 01-27
History for Netscape– So an attacker can read a user’s browsing history….
2005inurl:”bookmark.htm” 01-27
Bookmarks for Netscape and various other browsers….
2005inurl:netscape.hst 01-27
Netscape Bookmark List/History: So an attacker would be able to locate the
2005inurl:netscape.ini 01-27
There’s a bunch of interesting info in netscape.ini1. Viewers: which multimedia viewers the fir…
2005- intitle:”edna:streaming mp3 01-27 server” -for…
Edna allows you to access your MP3 collection from any networked computer.
2005ext:reg “username=*” putty 01-27
Putty registry entries. Contain username and hostname pairs, as well as type
2005ext:txt inurl:dxdiag 01-22
This will find text dumps of the DirectX Diag utility. It gives an outline of the
2005intitle:”FTP root at” 01-13
This dork will return some FTP root directories. The string can be made more
bookmark and history…
This software stream…
of session (sftp, …
hardware of t…
specific by adding…
2005- intext:gmail invite This is a dork I did today. At first, I wanted to find out the formula for making 01-02 intext:http://gmail.google.com… one, but … … 2005Peoples MSN contact lists 01-02
This will give msn contact lists .. modify the “msn” to what ever you feel is messeng…
2005filetype:ctt Contact 01-02
This is for MSN Contact lists……
2004- intitle:”index.of” .diz .nfo last 12-30 modifi… 2004filetype:blt “buddylist” 12-30
File_id.diz is a description file uploaders use to describe packages uploaded to
FTP sites. Alt… AIM buddylists….
The access.cnf file is a “weconfigfile” (webconfig file) used by Frontpage Extentions…
2004- filetype:cnf inurl:_vti_pvt 12-30 access.cnf
2004squeezebox is the easiest way for music lovers to enjoy high-quality playback intitle:”welcome.to.squeezebox” of their whole di… 12-19 2004inurl:preferences.ini “[emule]” 12-19
This finds the emule configuration file which contains some general and proxy
information.Somet…
2004- ext:conf inurl:rsyncd.conf -cvs - rsync is an open source utility that provides fast incremental file transfer.rsync 12-19 man
can also tal…
2004inurl:ds.py 12-13
Affordable Web-based document and content management application lets
2004ext:dat bpk.dat 12-13
Perfect Keylogger is as the name says a keylogger :)This dork finds the
businesses of every size …
corresponding datafiles…
2004- intitle:”Multimon UPS status 12-04 page”
Multimon provide UPS monitoring services…
2004- php-addressbook “This is the 12-05 addressbook for…
php-addressbook shows user address information without a password….
2004- “Generated by phpSystem” 12-05
PhpSystem shows info about unix systems, including: General Info (kernel,
2004inurl:”/axs/ax-admin.pl” -script 12-04
This system records visits to your site. This admin script allows you to display
2004ext:vmx vmx 12-03
VMWare allows PC emulation across a variety of platforms. Theseconfiguration files describe a v…
2004ext:vmdk vmdk 12-03
VMWare allows PC emulation across a variety of platforms. These files are
2004ext:pqi pqi -database 12-03
PQ DriveImage allows administrators to create hard rive images for lots of
2004ext:gho gho 12-03
Norton Ghost allows administrators to create hard rive images for lots of
cpu, uptime), Connect…
these records …
VMWare disk images wh…
purposes including b…
purposes including ba…
2004- intitle:”PHP Advanced Transfer” PHP Advacaned Transfer is GPL’d software that claims to be the “The ultimate 11-28 (inurl:i… PHP download … 2004- intitle:”DocuShare” 11-28 inurl:”docushar… 2004- ext:txt “Final encryption 11-28 key”
some companies use a Xerox Product called DocuShare. The problem with this
is by default guest … IPSec debug/log data which contains user data and password hashes.Can be used to
crack password…
2004- inurl:report “EVEREST 11-20 Home Edition “
Well what can be said about this one, I’ve added it to the DB under Juicy info, however it coul…
2004- “Microsoft (R) Windows * This file spills a lot of juicy info… in some cases, passwords in the raw dump, but not in an… 11-23 (TM) Version * DrWts… 2004- intitle:”Apache::Status” 11-21 (inurl:server-s…
The Apache::Status returns information about the server software, operating
2004- intitle:”PhpMyExplorer”
PhpMyExplorer is a PHP application that allows you to easily update your site online
11-18 inurl:”inde…
without an…
2004filetype:myd myd -CVS 11-18
MySQL stores its data for each database in individual files with the extension
system, number of c…
MYD.An attacker …
2004- filetype:config web.config - Through Web.config an IIS adminstrator can specify settings like custom 404 error pages, authen… 11-16 CVS 2004filetype:ns1 ns1 11-16
Netstunbler files contain information about the wireless network. For a cleanup add
2004- ext:cgi inurl:editcgi.cgi 11-16 inurl:file=
This was inspired by the K-Otic report. Only two results at time of writing. The cgi
stuff like:…
script let…
2004- filetype:pst pst -from -to - Finds Outlook PST files which can contain emails, calendaring and address 11-12 date information…. 2004inurl:”putty.reg” 11-07
This registry dump contains putty saved session data. SSH servers the according
2004ext:conf NoCatAuth -cvs 11-07
NoCatAuth configuration file. This reveals the configuration details of wirless
2004- “Certificate Practice 11-05 Statement” inurl:(…
Certificate Practice Statement (CPS)A CPS defines the measures taken to secure CA
2004- filetype:inf 11-05 inurl:capolicy.inf
The CAPolicy.inf file provides Certificate Servicces configuration information, which
2004- filetype:php inurl:index 10-31 inurl:phpicalendar -site:…
PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It
2004- intitle:”Web Server 10-31 Statistics for ****”
These are www analog webstat reports. The failure report shows information
2004- intitle:”AppServ Open 10-31 Project” -site:www…
AppServ is the Apache/PHP/MySQL open source software installer packages. This
2004- intitle:”Index of” upload 10-24 size parent di…
Files uploaded through ftp by other people, sometimes you can find all sorts of
2004- inurl:log.nsf -gov 10-20
Domino is server technology which transforms Lotus Notes® into an Internet a…
usernames and p…
gateway includi…
operation an…
is read d…
displays …
leakage about databa…
normally includes…
things from mov…
2004ext:nsf nsf -gov -mil 10-20
Domino is server technology which transforms Lotus Notes® into an
2004- intitle:”index.of *” admin 10-19 news.asp conf…
With Compulive News you can enter the details of your news items onto a webform
2004- inurl:cgi-bin/testcgi.exe 10-18 “Please distribute …
Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine
2004- ext:mdb inurl:*.mdb
The directory “http:/xxx/fpdb/” is the database folder used by some versions of
10-18 inurl:fpdb shop.mdb
Front…
2004ext:ini intext:env.ini 10-16
This one shows configuration files for various applications. based on the application
Internet a…
and upload imag…
for the …
an attack…
2004- “Installed Objects Scanner” Installed Objects Scanner makes it easy to test your IIS Webserver for installed 10-16 inurl:defaul… components. In… 2004- intitle:”ASP Stats 10-16 Generator *.*” “…
ASP Stats Generator is a powerful ASP script to track web site activity. It combines a
2004inurl:odbc.ini ext:ini -cvs 10-09
This search will show the googler ODBC client configuration files which may contain
2004- intext:SQLiteManager 10-05 inurl:main.php
sQLiteManager is a tool Web multi-language of management of data bases SQLite. #
2004- +”:8080″ +”:3128″ 09-29 +”:80&q…
server s…
usernames/d…
Management of… With the string [+”:8080″ +”:3128″ +”:80″ filetype:txt] it is pos…
2004inurl:/_layouts/settings 09-23
With the combined collaboration features of Windows SharePoint Services and
2004ext:ldif ldif 09-23
www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used for nearly
2004- filetype:pst
All versions of the popular business groupware client called Outlook have the
09-11 inurl:”outlook.pst” 2004filetype:vcs vcs 09-22
possibility to st… Filext.com says: “Various programs use the *.VCS extension; too many to list individually….
ext:log “Software:
SharePoint Portal S…
everything in o…
2004Microsoft Internet 09-21
Microsoft Internet Information Services (IIS) has log files that are normally not in
2004- Lotus Domino address 09-18 books
This search will return any Lotus Domino address books which may be open to the
2004- filetype:asp DBQ=” * 09-18 Server.MapPath(“*.m…
This search finds sites using Microsoft Access databases, by looking for the the
Informa…
the docroo…
public. This ca…
database conne…
2004- filetype:pdb pdb backup 09-10 (Pilot | Pluckerdb)
Hotsync database files can be found using “All databases on a Palm device, including the o…
2004- filetype:xls 09-10 inurl:”email.xls”
Our forum members neverget tired of finding juicy MS office files. Here’s one by
urban that fi…
2004John the Ripper is a popular cracking program every hacker knows. It’s results are filetype:pot inurl:john.pot 09-10 stored in a … 2004- filetype:reg “Terminal
These are Microsoft Terminal Services connection settings registry files. They may
09-07 Server Client”
sometimes co…
2004filetype:rdp rdp 09-07
These are Remote Desktop Connection (rdp) files. They contain the settings
2004inurl:snitz_forums_2000.mdb 09-07
The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme
2004filetype:bkf bkf 09-06
This search will show backupfiles for xp/2000 machines.Of course these files
2004filetype:qbb qbb 09-06
This search will show QuickBooks Bakup Files. Quickbook is financial accounting software so sto…
2004- ( filetype:mail | filetype:eml | 08-26 filetype:mbox | f…
storing emails in your webtree isnt a good idea.with this search google will
2004Quicken data files 08-25
The QDATA.QDF file (found sometimes in zipped “QDATA” archives online, sometimes not)…
2004“phone * * *” “address *” &qu… 08-19
This search gives hounderd of existing curriculum vitae with names and
2004ext:asp inurl:pathto.asp 08-13
The UBB trial version contains files that are not safe to keep online after going live. The ins…
2004-
and sometimes the cr…
says: “it is strongl…
could contain near…
show files contai…
adress. An attacker coul…
filetype:xls -site:gov inurl:contact Microsoft Excel sheets containing contact information….
08-09 2004- mail filetype:csv -site:gov 08-09 intext:name
CSV Exported mail (user) names and such….
2004- intext:”Session Start * * * *:*:* *” These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean … 08-09 fil… 2004Webmasters wanting to exclude search engine robots from certain parts of (inurl:”robot.txt” | inurl:”robots…. 08-09 their site often choos… 2004filetype:cfg auto_inst.cfg 08-05
Mandrake auto-install configuration files. These contain information about
the installed packag…
2004filetype:fp7 fp7 08-05
These are Filemaker Pro version 7 databases files….
2004filetype:fp3 fp3 08-05
These are FileMaker Pro version 3 Databases….
2004- filetype:fp5 fp5 -site:gov -site:mil These are various kinds of FileMaker Pro Databases (*.fp5 applies to both 08-02 -“cvs lo… version 5 and 6)…. 2004-
inurl:*db filetype:mdb
More Microsoft Access databases for your viewing pleasure. Results may
vary, but there have bee…
08-02
2004- “allow_call_time_pass_reference” Returns publically visible pages generated by the php function phpinfo(). This 08-02 “P… search differs f… 2004filetype:ora ora 08-01
Greetings, The *.ora files are configuration files for oracle clients. An attacker
2004- intitle:”Index Of” -inurl:maillog 07-28 maill…
This google search reveals all maillog files within various directories on a
2004filetype:rdp rdp 09-07
These are Remote Desktop Connection (rdp) files. They contain the settings
2004- inurl:snitz_forums_2000.mdb 09-07
The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme
2004filetype:bkf bkf 09-06
This search will show backupfiles for xp/2000 machines.Of course these files
2004filetype:qbb qbb 09-06
This search will show QuickBooks Bakup Files. Quickbook is financial
2004- ( filetype:mail | filetype:eml | 08-26 filetype:mbox | f…
storing emails in your webtree isnt a good idea.with this search google will
2004-
The QDATA.QDF file (found sometimes in zipped “QDATA” archives online,
Quicken data files
can identify…
webserver. This se…
and sometimes the cr…
says: “it is strongl…
could contain near…
accounting software so sto…
show files contai…
08-25
sometimes not)…
2004“phone * * *” “address *” &qu… 08-19
This search gives hounderd of existing curriculum vitae with names and
2004ext:asp inurl:pathto.asp 08-13
The UBB trial version contains files that are not safe to keep online after
adress. An attacker coul…
going live. The ins…
2004filetype:xls -site:gov inurl:contact Microsoft Excel sheets containing contact information…. 08-09 2004- mail filetype:csv -site:gov 08-09 intext:name
CSV Exported mail (user) names and such….
2004- intext:”Session Start * * * *:*:* *” These are IRC and a few AIM log files. They may contain juicy info or just 08-09 fil… hours of good clean … 2004Webmasters wanting to exclude search engine robots from certain parts of (inurl:”robot.txt” | inurl:”robots…. their site often choos… 08-09 2004filetype:cfg auto_inst.cfg 08-05 2004-
Mandrake auto-install configuration files. These contain information about
the installed packag… These are Filemaker Pro version 7 databases files….
filetype:fp7 fp7
08-05 2004filetype:fp3 fp3 08-05
These are FileMaker Pro version 3 Databases….
2004- filetype:fp5 fp5 -site:gov -site:mil These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6)…. 08-02 -“cvs lo… 2004inurl:*db filetype:mdb 08-02
More Microsoft Access databases for your viewing pleasure. Results may
vary, but there have bee…
2004- “allow_call_time_pass_reference” Returns publically visible pages generated by the php function phpinfo(). This 08-02 “P… search differs f… 2004- filetype:ora ora 08-01
Greetings, The *.ora files are configuration files for oracle clients. An attacker
2004- intitle:”Index Of” -inurl:maillog 07-28 maill…
This google search reveals all maillog files within various directories on a
can identify…
webserver. This se…
2004inurl:profiles filetype:mdb Microsoft Access databases containing (user) profiles ….. 07-26 intext:(password | 2004passcode) 07-26
CSV formatted files containing all sorts of user/password combinations. Results may
2004Of” 07-26 intitle:”Index cookies.txt size
searches for cookies.txt file. On MANY servers this file holds all cookie information, which ma…
intext:(username | us…
vary, but a…
2004inurl:forum filetype:mdb Microsoft Access databases containing ‘forum’ information ….. 07-26 2004inurl:backup filetype:mdb Microsoft Access databasebackups….. 07-26 2004- data filetype:mdb 07-26 site:gov -site:mil
Microsoft Access databases containing all kinds of ‘data’….
2004inurl:email filetype:mdb 07-26
Microsoft Access databases containing email information…..
2004- intitle:”index of” +myd 07-21 size
The MySQL data directory uses subdirectories for each database and common files for table stora…
2004“sets mode: +s” 07-19
This search reveals secret channels on IRC as revealed by IRC chat logs….
2004“sets mode: +p” 07-19
This search reveals private channels on IRC as revealed by IRC chat logs….
2004-
The information contained in these files depends on the actual file itself. SSL.conf
inurl:ssl.conf filetype:conf
2004private key files (.csr) 07-12
files cont… This search will find private key files… Private key files are supposed to be, well… privat…
2004private key files (.key) 07-12
This search will find private key files… Private key files are supposed to be, well… privat…
07-15
2004Loads of user information including email addresses exported in comma separated exported email addresses 07-12 file format (.c… 2004Welcome to ntop! 07-06
Ntop shows the current network usage. It displays a list of hosts that are currently
using the …
2004- MySQL tabledata dumps sQL database dumps. LOTS of data in these. So much data, infact, I’m pressed to 07-06 think of what e… 2004- Microsoft Money Data 07-02 Files
Microsoft Money 2004 provides a way to organize and manage your personal
2004- OWA Public Folders 06-25 (direct view)
This search looks for Outlook Web Access Public Folders directly. These links open
2004Unreal IRCd 07-06
Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge
finances (http://www.m…
public folde…
IRCd that was f…
2004MSN Messenger uses the file extension *.ctt when you export the contact list. An filetype:ctt ctt messenger 06-22 attacker could… 2004- 94FBR “ADOBE 06-10 PHOTOSHOP”
94FBR is part of many serials. An malicious user would only have to change the
2004- inurl:forward 05-26 filetype:forward -cvs
Users on *nix boxes can forward their mail by placing a .forward file in their home
2004- intitle:”System Statistics” 05-24 +”Syste…
This search reveals internal network information including network configuratino,
2004- inurl:”cacti” 05-24 +inurl:”graph_view.ph…
This search reveals internal network info including architecture, hosts and services
programm name (p…
directory. …
ping times, s…
available….
2004This search reveals information about internal networks, such as configuration, inurl:”/cricket/grapher.cgi” 05-24 services, bandw… 2004- intitle:”Big Sister” +”OK 05-24 Attention…
This search reveals Internal network status information about services and hosts….
2004- “Mecury Version” 05-18 “Infastructure Gro…
Mecury is a centralized ground control program for research satellites. This query
2004-
The php.ini file contains all the configuration for how PHP is parsed on a server. It
inurl:php.ini filetype:ini
simply loca…
05-17
can cont…
intitle:intranet 2004inurl:intranet 05-17
These pages are often private intranet pages which contain phone listings and
2004- filetype:blt blt 05-14 +intext:screenname
Reveals AIM buddy lists, including screenname and who’s on their ‘buddy’ list and their ‘blocke…
+intext:”phon…
email addresses. …
2004These are http server access logs which contain all sorts of information ranging filetype:log access.log -CVS 05-14 from usernames… 2004filetype:log cron.log 05-14
Displays logs from cron, the *nix automation daemon. Can be used to determine
2004filetype:lic lic intext:key 05-13
License files for various software titles that may contain contact info and the
2004- intitle:”index of” 05-13 mysql.conf OR mysql_c…
backups, full an…
product version… This file contains port number, version number and ath p info to MySQL server….
2004- filetype:eml eml 05-12 +intext:”Subject” +inte…
These are oulook express email files which contain emails, with full headers. The
2004- filetype:mbx mbx 05-11 intext:Subject
These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made
200405-10 filetype:wab wab
These are Microsoft Outlook Mail address books. The information contained will
information …
public on pur…
vary, but at the…
2004- “Request Details” “Control These pages contain a great deal of information including path names, session ID’s, 05-06 Tree&quo… stack trace… 2004- “HTTP_FROM=googlebot” 05-06 googlebot.com &qu…
These pages contain trace information that was collected when the googlebot
crawled a page. The…
2004- filetype:conf inurl:firewall - These are firewall configuration files. Although these are often examples or sample 05-05 intitle:cvs files, in m… 2004- inurl:”smb.conf” 05-04 intext:”workgroup&…
These are samba configuration files. They include information about the
network, trust relation…
2004inurl:tdbin 05-03
This is the default directory for TestDirector
(http://www.mercuryinteractive.com/products/test…
2004This is the MRTG traffic analysis pages. This page lists information about intext:”Tobias Oetiker” “traffic an… machines on the netw… 05-03 2004- inurl:server-info “Apache Server 04-28 Information&…
This is the Apache server-info program. There is so much sensitive stuff
2004-
This is the print environemnts script which lists sensitive information such
inurl:perl/printenv
listed on this page th…
04-28
as path names, ser…
2004inurl:cgi-bin/printenv 04-28
This is the print environemnts script which lists sensitive information such
2004inurl:fcgi-bin/echo 04-28
This is the fastcgi echo script, which provides a great deal of information
2004inurl:server-status “apache” 04-26
This page shows all sort of information about the Apache web server. It
2004“This is a Shareaza Node” 04-21
These pages are from Shareaza client programs. Various data is displayed
2004- “Running in Child mode” 04-21
This is a gnutella client that was picked up by google. There is a lot of data
2004allinurl:servlet/SnoopServlet 04-20
These pages reveal server information such as port, server software
as path names, ser…
including port numb…
can be used to track pr…
including client versi…
present includin…
version, server name, full …
2004These pages reveal information about the server including path allinurl:/examples/jsp/snp/snoop.jsp 04-20 information, port information, e… 2004inurl:”newsletter/admin/” 04-16
These pages generally contain newsletter administration pages. Some of
these site are password …
2004These pages generally contain newsletter administration pages. Some of inurl:”newsletter/admin/” intitle:”… 04-16 these site are password … 2004“Index of” / “chat/logs” 04-13
This search reveals chat logs. Depending on the contents of the logs, these
files could contain…
2004This is your typical stats page listing referrers and top ips and such. This inurl:vbstats.php “page generated” 04-08 information can ce… 2004“#mysql dump” filetype:sql 04-05
This reveals mySQL database dumps. These database dumps list the
2004intitle:index.of cleanup.log 04-05
This search reveals potential location for mailbox files by keying on the
2004- intitle:index.of inbox dbx 04-05
This search reveals potential location for mailbox files. In some cases, the
structure and content of datab…
Outlook Express clean…
data in this direc…
2004intitle:index.of inbox 04-05
This search reveals potential location for mailbox files. In some cases, the
data in this direc…
2004- “Host Vulnerability 03-30 Summary Report”
This search yeids host vulnerability scanner reports, revealing potential
2004- “Network Vulnerability 03-30 Assessment Report”…
This search yeids vulnerability scanner reports, revealing potential vulnerabilities
vulnerabilities on ho…
on hosts a…
2004- “Thank you for your order” After placing an order via the web, many sites provide a page containing the phrase 03-29 +receipt
“Thank…
2004- “not for distribution” 03-29 confidential
The terms “not for distribution” and confidential indicate a sensitive document. Resu…
This is a common script for changing passwords. Now, this doesn’t actually reve al 2004inurl:changepassword.asp 03-24 the password,… 2004- “Most Submitted Forms 03-22 and Scripts” “…
More www statistics on the web. This one is very nice.. Lots of directory info, and
2004inurl:admin filetype:xls 03-16
This search can find Excel spreadsheets in an administrative directory or of an
2004- intitle:admin intitle:login 03-14
This search can find administrative login pages. Not a vulnerability in and of itself,
2004inurl:admin intitle:login 03-14
This search can find administrative login pages. Not a vulnerability in and of itself,
2004intitle:index.of ws_ftp.ini 03-04
ws_ftp.ini is a configuration file for a popular FTP client that stores usernames,
client acce…
administrative …
this que…
this que…
(weakly) enc…
2004dead.letter contains the contents of unfinished emails created on the UNIX intitle:index.of dead.letter 03-04 platform. Emails (fi… 2004- intitle:index.of “Apache”
This is a very basic string found on directory listing pages which show the version of
03-04 “server a… 2004- intitle:”wbem” compaq 03-04 login “Compaq…
the Apac… These devices are running HP Insight Management Agents for Servers which
“provide device i…
2004- inurl:main.php Welcome to From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ… 03-04 phpMyAdmin 2004- inurl:main.php 03-04 phpMyAdmin
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2004- “phpMyAdmin” “running 03-04 on” inur…
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2004- “robots.txt” “Disallow:” 03-04 filet…
The robots.txt file serves as a set of instructions for web crawlers. The “disallow” …
2004- intitle:”Usage Statistics for” The webalizer program shows web statistics for web servers. This information includes who is vi… 03-04 “Gen… 2004- intitle:”statistics of” 03-04 “advanced w…
the awstats program shows web statistics for web servers. This information
2004-
The ipsec.conf file could help hackers figure out what uber-secure users of
ipsec.conf
03-04
includes who is visi…
freeS/WAN are prote…
2004ipsec.secrets 03-04
from the manpage for ipsec_secrets: “It is vital that these secrets be protected. The file…
2004ipsec.secrets 03-04
from the manpage foripsec_secrets: “It is vital that these secrets be protected. The
2004cgiirc.conf 03-04
This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based
2004cgiirc.conf 03-04
CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options
2004- phpMyAdmin dumps 03-04
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle
2004phpMyAdmin dumps 03-04
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2003- mystuff.xml – Trillian 08-19 data files
This particular file contains web links that trillian users have entered into the tool.
2003site:edu admin grades 07-10
I never really thought about this until I started coming up with juicy examples for
2003- haccess.ctl (VERY
haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file
06-30 reliable)
decribe…
2003haccess.ctl (one way) 06-30
this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes
file…
IRC …
for…
the administ…
Trillia…
DEFCON 11…..
who can…
2003More www statistics on the web. This one is very nice.. Lots of directory info, and “generated by wwwstat” client acce… 06-30 2003“produced by getstats” 06-30
Another web statistics package. This one srcinated from a google scan of an ivy
2003- “This report was 06-27 generated by WebLog”
These are weblog-generated statistics for web sites… A roadmap of files, referrers,
league college…
errors, s…
2003robots.txt 06-27
The robots.txt file contains “rules” about where web spiders are allowed (and NOT all…
2004phpinfo() 11-18
this brings up sites with phpinfo(). There is SO much cool stuff in here that you just
2003AIM buddy lists 06-24
These searches bring up common names for AOL Instant Messenger “buddylists”. These li…
2003-
These folks had the technical prowess to unpack the movable type fil es, but couldn’t
mt-db-pass.cgi files
have to …
2003sQL data dumps 06-24
manage to … sQL database dumps. LOTS of data in these. So much data, infact, I’m pressed to think of what e…
2003- Financial spreadsheets: 06-24 finances.xls
“Hey! I have a great idea! Let’s put our finances on our website in a secret directory so …
2003- Financial spreadsheets: 06-24 finance.xls
“Hey! I have a great idea! Let’s put our finances on our website in a secret directory so …
2003ICQ chat logs, please… 06-24
ICQ (http://www.icq.com) allows you to store the contents of your online chats into a
06-24
file. The…
2003- Ganglia Cluster Reports These are server cluster reports, great for info gathering. Lesse, what were those server names… 06-24 2003- squid cache server 06-24 reports
These are squid server cache reports. Fairly benign, really except when you consider
using them…
2012inurl:finger.cgi 11-02
Finger Submitted by: Christy Philip Mathew…
2012- site*.*.*/webalizer 08-21 intitle:”Usage Statistics…
Shows usage statistics of sites. Includes monthy reports on the IP addresses, user
2006- intitle:r57shell +uname -
compromised servers… a lot are dead links, but pages cached show interesting
05-04 bbpress
info, this is r5…
2006- “The statistics were last 05-03 updated” “…
Results include many varius Network activity logs…
2006- inurl:/counter/index.php 04-06 intitle:”+PHPCounter…
agents, and …
This is an online vulnerable web stat program called PHPCounter
7.http://www.clydebelt.org.uk/c…
2006- inurl:”NmConsole/Login.asp” Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring, access beyond the p… 03-13 | intitle:&q… 2006- inurl:CrazyWWWBoard.cgi 02-08 intext:”detailed debu…
gives tons of private forum configuration information.examples: Global variables
installed, wha…
2005inurl:ovcgi/jovw 12-31
An HP Java network management tool. It is a sign that a network may not be
2005- inurl:proxy | inurl:wpad 12-21 ext:pac | ext:dat findpro…
Information about proxy servers, internal ip addresses and other network
configured properly….
sensitive stuff….
2005- inurl:webalizer filetype:png - ***WARNING: This search uses google images, disable images unless you want 11-21 .gov -.edu -.mil -op… your IP spewed acros… 2005- intitle:”Retina Report”
This googledork finds vulnerability reports produced by eEye Retina Security
10-26 “CONFIDENTI…
Scanner. The info…
2005- “Shadow Security Scanner 10-26 performed a vulnerab…
This is a googledork to find vulnerability reports produced by Shadow Security
2005- “The following report 10-26 contains confidential i…
This googledork reveals vunerability reports from many different vendors. These
2005inurl:status.cgi?host=all 10-04
Nagios Status page. See what ports are being monitored as well as ip addresses.Be
Scanner. They c…
reports can co…
sure to check…
2005inurl:login.jsp.bak 09-30
JSP programmer anyone? You can read this!…
2005- intitle:”Belarc Advisor 02-15 Current Profile”…
People who have foolishly published an audit of their machine(s) on the net with some server in…
2005- “Traffic Analysis for” “RMON List of RMON ports produced by MRTG which is a network traffic analysis tool. See 03-05 Port *… also #198… 2005- “powered | performed by 02-03 Beyond Security’s Aut…
This search finds Beyond Security reports. Beyond Security sells a box which
2004- intitle:”PHPBTTracker 12-30 Statistics” | inti…
This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers – all the …
2004intitle:”BNBT Tracker Info” 12-30
This query shows pages which summarise activity on BNBT-powered BitTorrent trackers – including…
performs automated…
2004- intitle:”Azureus : Java BitTorrent 12-30 Client Tra…
This query shows machines using the Azureus BitTorrent client’s built-in tracker – the pages ar…
2004inurl:”install/install.php” 12-29
This searches for the install.php file. Most results will be a Bulletin board like
2004- intext:”Welcome to the Web 12-07 V.Networks” i…
see and control JVC webcameras, you can move the camera, zoom… change the settings, etc…….
Phpbb etc.T…
2004- intitle:”start.managing.the.device” MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for 12-10 remo… remote PBX access(MCK…
2004ext:cfg radius.cfg 12-06
“Radiator is a highly configurable and flexible Radius server that supports authentication…
2004- filetype:php inurl:ipinfo.php 12-07 “Distributed In…
Dshield is a distributed intrusion detection system. The ipinfo.php script
includes a whois loo…
2004Mercury SiteScope designed to ensure the availability and performance of inurl:”sitescope.html” intitle:”sit… 12-03 distributed IT infrast… 2004- intitle:”twiki”
TWiki has many security problems, depeding on the version installed. TWiki,
12-02 inurl:”TWikiUsers&q…
is a flexible, powe…
2004- “Phorum Admin” “Database 11-28 Connection…
Phorum admin pagesThis either shows Information leakage (path info) or it
shows Unprotected Adm…
2004sysWatch is a CGI to display current information about your UNIX system. It “Output produced by SysWatch *” can display drive p… 11-28 2004inurl:testcgi xitami 11-28
Testpage / webserver environmentThis is the test cgi for xitami webserver. It
2004- filetype:log 11-28 intext:”ConnectionManager2″
ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip
2004- intitle:”sysinfo * ” 11-12 intext:”Genera…
Lots of information leakage on these pages about active network services,
2004- inurl:portscan.php “from 11-12 Port”|”Por…
This is general search for online port scanners which accept any IP. It does
2004inurl:/adm-cfgedit.php 11-07
PhotoPost Pro is photo gallery system. This dork finds its installation
2004inurl:webutil.pl 11-07
webutil.pl is a web interface to the following services:* ping* traceroute*
2004inurl:statrep.nsf -gov 10-20
Domino is server technology which transforms Lotus Notes® into an Internet a…
shows the webserv…
addresses, phon…
server info, network …
not find a specifi…
page.You can use this p…
whois* finger* nslo…
2004The finger command on unix displays information about the system users. inurl:/cgi-bin/finger? “In real life” 10-19 This search displays pr… 2004- inurl:/cgi-bin/finger? Enter 10-19 (account|host|user|us…
The finger command on unix displays information about the system users.
2004- filetype:php inurl:nqt 10-18 intext:”Network Query …
Network Query Tool enables any Internet user to scan network information
2004- inurl:”map.asp?” 10-05 intitle:”WhatsUp G…
This search displays th…
using:* Resolve/Revers… “WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily track variables associate…
2004- ext:cgi intext:”nrg-” ” This NRG is a system for maintaining and visualizing network data and other resource 09-29 web pa… utilization dat… 2004- ((inurl:ifgraph “Page 09-29 generated at”) OR …
ifGraph is a set of perl scripts that were created to fetch data from SNMP agents
2004- inurl:”/catalog.nsf” 09-10 intitle:catalog
This will return servers which are running versions of Lotus Domino. The catalog.nsf
2004- “Powered by
phpOpenTracker is a framework solution for the analysis of website traffic and
and feed a RR…
is the ser…
09-21 phpOpenTracker” Statistics visitor analysis… site:netcraft.com 2004intitle:That.Site.Running 09-21 Apache
Netcraft reports a site’s operating system, web server, and netblock owner together with, if av…
2004- “this proxy is working 08-13 fine!” “ente…
These are test pages for some proxy program. Some have a text field that allows
2004“apricot – admin” 00h 07-29
This search shows the webserver access stats as the user “admin”. The language used i…
2006- “by Reimar Hoven. All 04-15 Rights Reserved. Discla…
dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta&…
you to use that…
2004- intitle:”Microsoft Site 07-16 Server Analysis”
Microsoft discontinued Site Server and Site Server Commerce Edition on June 1,
2004- Analysis Console for 07-12 Incident Databases
ACID stands for for “Analysis Console for Incident Databases”. It is a php frontend f…
2004Looking Glass 06-22
A Looking Glass is a CGI script for viewing results of simple queries executed on
2004- “Version Info” “Boot 06-04 Version” …
This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved
2001 with the in…
remote router…
from this …
2004- intitle:”ADSL Configuration This is the status screen for the Solwise ADSL modem. Information available from 06-04 page” this page incl… 2004- filetype:vsd vsd network - Reveals network maps (or any other kind you seek) that can provide sensitive 05-13 samples -examples information such a… 2004- filetype:pdf “Assessment 05-03 Report” nessus
These are reports from the Nessus Vulnerability Scanner. These report contain
detailed informat…
2004- inurl:phpSysInfo/ “created This statistics program allows the an admin to view stats about a webserver. Some 04-16 by phpsysinfo”… sites leave t… 2004“SnortSnarf alert page” 04-16
snort is an intrusion detection system. SnorfSnarf creates pretty web pages from
intrusion dete…
2004- “Network Host Assessment This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and 03-30 Report” “I… networks. … 2004- “This report lists” 03-30 “identified by …
This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and
networks. …
201 4inurl:typo3conf/localconf.php 0407 201 4inurl:/backup intitle:index of 03- backup intext:*sql 31 201 3filetype:password jmxremote 1125 201 3ext:sql intext:@gmail.com
typo3 passwords
Bruno Schmid …
Google Search:https://www.google.com/search?client=opera&q=admin+username+and
+pass&sour…
Passwords for Java Management Extensions (JMX Remote) Used by jconsole,
Eclipse’s MAT, Java Vi…
author:haji …
11- intext:password 25 201 3site:github.com inurl:sftp11- config.json 25 201 3site:github.com inurl:sftp11- config.json intext:/wp-… 25 201 3“BEGIN RSA PRIVATE KEY” 09- filetype:key -gi… 24 201 3filetype:sql insite:pass && user 0422 201 3ext:sql intext:@hotmail.com 04- intext :password 09
Find disclosed FTP login credentials in github repositories Credit: RogueCoder…
Finds disclosed ftp FTP for WordPress installs, which have been pushed to a
public repo on GitH…
To find private RSA Private SSL Keys …
Google Dork: filetype:sql insite:pass && user We Can get login username and
password…
By , NItish Mehta , www.illuminativeworks.com/blog
https://www.facebook.com/illuminativework…
201 3filetype:config inurl:web.config This google dork to find sensitive information of MySqlServer , “uid, and 04- inurl:ftp password” … 09 201 3filetype:inc OR filetype:bak OR Aggregates previous mysql_(p)connect google dorks and adds a new filetype. Searches common fil… 02- filetype:old mysql… 05 201 *Google Search:* 3ext:xml (“proto=’prpl-‘” | “prplhttps://www.google.com/search?q=ext:xml%20(%22proto=’prpl02- ya… ‘%22%20|%20%22prp… 05 201 2allinurl:”User_info/auth_user_fil Google dork for find user info and configuration password of DCForum 11- e.txt” allinurl:”User_info/… 05 201 2inurl:”/dbman/default.pass” 11-
A path to a DES encrypted password for DBMan ( http://www.gossamer-
threads.com/products/archiv…
02 201 “parent directory” 211- proftpdpasswd intitle… 02
This dork is based on this: http://www.exploit-db.com/ghdb/1212/ but improved cause that is u…
201 filetype:xls “username | 211- password” 02
filetype:xls “username | password” This search reveals usernames and/or passwords of …
201
ext:xml 211- (“mode_passive”|”mode_defau OffSec: So the dork is: ext:xml (“mode_passive”|”mode_default”) Th… … 02 201 2intext:charset_test= email= 08- default_persistent= 21 201 2inurl:”passes” OR 08- inurl:”passwords&… 21
find facebook email and password
…
Hack the $cr1pt kiddies. There are a lot of Phishing pages hosted on internet ,
this dork wi…
201 2filetype:cfg “radius” 05- (pass|passwd|passw… 15
Find config files with radius configs and passwords and secrets… Love Bastich …
2011- (username=* | username:* |) | ( 12-27 ((password=* | pas…
Logged username, passwords, hashes Author: GhOsTPR …
2011filetype:sql inurl:wp-content/backup-* 12-14
Search for WordPress MySQL database backup. Author: AngelParrot
2011“My RoboForm Data” “index of” 12-12
This dork looks for Roboform password files. Author: Robert
2011inurl:”/Application Data/Filezilla/*” OR… 11-19
…
McCurdy … this dork locates files containing ftp passwords …
2011- filetype:php~ Backup or temp versions of php files containing you guessed it 10-11 (pass|passwd|password|dbpass|db_pass… passwords or other ripe for the… 2011inurl:ftp “password” filetype:xls 09-26 2011- filetype:sql “phpmyAdmin SQL Dump” 06-28 (pass… 2011- filetype:sql “MySQL dump” 06-28 (pass|password…
this string may be used to find many low hanging fruit on FTP sites
recently indexed by google….
phpMyAdmin SQL dump with passwords Bastich … MySQL database dump with passwords Bastich …
2011filetype:sql “PostgreSQL database dump” … PostgreSQL database dump with passwords Bastich … 06-28 2011Asian FTP software -, run the password hash through John etc. filetype:ini “[FFFTP]” (pass|passwd|pass… Author: Bastich … 04-18 2011Total commander wxc_ftp.ini run has through John etc. or even filetype:ini “FtpInBackground” (pass|pas… 04-18 better use http://wcxftp.org.ru/… 2011filetype:ini “precurio” (pass|passwd|pas… plain text passwods … 04-18 2011filetype:ini “SavedPasswords” (pass|pass… Unreal Tournament config, plain text passwords Author: Bastich … 04-18 2011- filetype:ini “pdo_mysql” 04-18 (pass|passwd|pa…
full details dbname dbuser dbpass all plain text Author:Bastich …
2011inurl:web/frontend_dev.php -trunk 01-09
Google search for web site build with symfony framework and in
2011- inurl:config/databases.yml -trac -trunk -
Google search for web site build with symfony framework. This file
01-09 “Goo…
contains the login / passwo…
development environment. In …
2010inurl:-cfg intext:”enable password” 11-10
Google search for Cisco config files (some variants below): inurl:router-confg inurl:-confg…
2006“login: *” “password: *” filet… 09-06
This returns xls files containing login names and passwords. it works
2006ext:php intext:”$dbms””$dbhost”… 08-10
Hacking a phpBB forum. Here you can gather the mySQL connection
2006-
CalenderScript is an overpriced online calender system written in
inurl:”calendarscript/users.txt”
03-21 2006- filetype:sql “insert into” 03-06 (pass|passwd|… 2006- filetype:reg reg 02-05 +intext:â€Å
by showing all the xls fi…
information for their forum dat…
perl. The passwords are encry… Looks for SQL dumps containing cleartext or encrypted passwords…. This can be used to get encoded vnc passwords which can otherwise be
obtained by a local regist…
2006- ext:asa | ext:bak intext:uid 01-02 intext:pwd -“uid…
search for plaintext database credentials in ASA and BAK files….
2006- enable password | secret 01-02 “current configurati…
Another Cisco configuration search. This one is cleaner, gives complete configuration files and…
2006- ext:passwd -intext:the -sample - Various encrypted passwords, some plaintext passwords and some private keys are revealed by thi… 01-02 example 2006- inurl:”editor/list.asp” | 01-02 inurl:”da…
This search finds CLEARTEXT usernames/passwords for the Results Database
2006filetype:bak createobject sa 01-01
This query searches for files that have been renamed to a .bak extension
2005- inurl:ventrilo_srv.ini 12-19 adminpassword
This search reveals the ventrilo (voice communication program used by many
2005- “parent directory”
User names and password hashes from web server backups generated by
11-30 +proftpdpasswd
cpanel for ProFTPd. Passwo…
2005ext:yml database inurl:config 11-14
Ruby on Rails is a MVC full-stack framework for development of web
2005inurl:”Sites.dat”+”PASS=” 11-03
FlashFXP has the ability to import a Sites.dat file into its current Sites.dat file,
2005server-dbs “intitle:index of” 10-30
Yes, people actually post their teamspeak servers on websites. Just look for
Editor. The log in po…
(obviously), but inclu…
online gamers) passw…
applications. There’s a conf…
using this…
the words superadm…
2005This search will show you the Administrator password (very first line) on YaBB inurl:/yabb/Members/Admin.dat 09-28 forums whose own…
2005- “admin account info” 09-25 filetype:log
searches for logs containing admin server account information such as
2005“your password is” filetype:log 09-24
This search finds log files containing the phrase (Your password is). These files
username and password….
often contain…
2005intitle:rapidshare intext:login 09-18
Rapidshare login passwords….
2005-
some people are that stupid to keep their Cisco routers config files on site.
intext:”enable password 7″
09-13
You can easly fin…
2005filetype:dat inurl:Sites.dat 09-13
If you want to find out FTP passwords from FlashFXP Client, just type this
2005ext:inc “pwd=” “UID=” 08-31 2005- [WFClient] Password= 07-27 filetype:ica
query in google and … Database connection strings including passwords… The WinFrame-Client infos needed by users to connect toCitrix Application
Servers (e.g. Metafra…
2005- inurl:cgi-bin 06-24 inurl:calendar.cfg
CGI Calendar (Perl) configuration file reveals information including passwords for
2005- intitle:”phpinfo()” 06-05 +”mysql.default…
This will look throught default phpinfo pages for ones that have a default mysql
2005inurl:pass.dat 06-04
Accesses passwords mostly in cgibin but not all the timeCan find passwords +
the program….
password….
usernames (sometim…
2005mIRC Passwords For Nicks & Channels in channel\[chanfolder] section of mirc.ini inurl:perform.ini filetype:ini you can fin… 06-06 2005- intext:”powered by 05-11 EZGuestbook” 2005- inurl:server.cfg rcon
HTMLJunction EZGuestbook is prone to a database disclosure vulnerability.
Remote users may down… Counter strike rcon passwords, saved in the server.cfg….
05-06 password !Host=*.* some people actually keep their VPN profiles on the internet…omg… Simply 2005intext:enc_UserPassword=* 05-02 donwload the pcf f… ext:pcf wwwboard WebAdmin 2005inurl:passwd.txt 03-28
wwwboard|webad…
This is a filtered version of previous ‘inurl:passwd’ searches, focusing on WWWBoard [1]. Ther…
2005filetype:inf sysprep 03-20
sysprep is used to drive unanttended MS Windows installations. The files contain
2005-
the unattend.txt is used to drive unanttended MS Windows installations. The files
03-20 ext:txt inurl:unattend.txt
contain all i…
all informatio…
2005- filetype:sql ("passwd Find insert statements where the field (or table name) preceding the operator 02-23 values" | … VALUES will be ‘… 2005- filetype:sql (“values * MD5” Locate insert statements making use of some builtin function to encrypt a password. PASSWORD(),… 02-23 | “val… 2005- intitle:”Index of” 02-10 sc_serv.conf sc_serv …
This dork lists sc_serv.conf files. These files contain information for Shoutcast
2005- “Powered by Link
Link management script with advanced yet easy to use admin control panel, fully
02-15 Department”
template driven…
"Powered by 2005DUpaypal" 02-07
Here is another DUware product, DUpaypal. Once you get hold of the database it
site:duwa…
servers and o…
contains the adm…
2005- filetype:inc mysql_connect INC files have PHP code within them that contain unencrypted usernames, passwords, and addresse… 02-09 OR mysql_pconnect 2005- ext:ini Version=4.0.0.4 01-27 password
The servU FTP Daemon ini file contains setting and session information including
2004ext:ini eudora.ini 12-19
Well, this is the configuration file for Eudora…may contain sensitive information
2004- intext:”powered by Web 12-13 Wiz Journal”
Web Wiz Journal ASP Blog. The MDB database is mostly unprotected and can be
2004inurl:filezilla.xml -cvs 12-02
filezilla.xml contains Sites,Logins and crypted Passwords of ftp connections made
2004- inurl:”GRC.DAT” 11-28 intext:”password&qu… 2004- filetype:log “See `ipsec – 11-28 copyright”
usernames, pas…
like pop se…
downloaded directly…
with the open… symantec Norton Anti-Virus Corporate Edition data file containing encrypted passwords…. BARF log filesMan page:Barf outputs (on standard output) a collection of debugging inform
…
2004by dudownload” Most 11-23 “powered -site:duware.com th… duware products use Microsoft Access databases in default locations without instructi 2004- intitle:dupics inurl:(add.asp Most duware products use Microsoft Access databases in default locations without instructi 11-23 | default.asp | view… th… 2004- “powered by duclassmate” Most duware products use Microsoft Access databases in default locations without instructi 11-23 -site:duware.co… th… 2004- “Powered by Duclassified” - Most duware products use Microsoft Access databases in default locations without instructi 11-23 site:duware.c… th… 2004- “Powered by Dudirectory” - Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 site:duware.co…
2004- “Powered by Duclassified” - Most duware products use Microsoft Access databases in default locations without instructi 11-23 site:duware.c… th… 2004- “powered by ducalendar” - Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 site:duware.com 2004intext:”enable secret 5 $” 11-16 2004- “liveice configuration file”
sometimes people make mistakes and post their cisco configs on “help sites” and don’t…
This finds the liveice.cfg file which contains all configuration data for an Icecast server. P…
11-08 ext:cfg -si… 2004filetype:ini inurl:”serv-u.ini” serv-U is a ftp/administration server for Windows. This file leaks info about the version, use 11-06 2004inurl:pap-secrets -cvs 11-06
linux vpns store there usernames and passwords for PAP authentification in a file called “…
2004inurl:chap-secrets -cvs 11-06
linux vpns store their usernames and passwords for CHAP authentification in a file called “…
2004filetype:ini inurl:flashFXP.ini FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an excep 10-10 2004- “Powered By Elite Forum 09-24 Version *.*”
Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly
2004filetype:mdb wwforum 09-24
Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access
databa…
2004“index of/” “ws_ftp.ini” “… This search is a cleanup of a previous entry by J0hnny. It uses “parent directory” to… 09-17 2004- filetype:config config 09-16 intext:appSettings “Us…
These files generally contain configuration information for a .Net Web Application. Things li
2004filetype:ini wcx_ftp 08-25
This searches for Total commander FTP passwords (encrypted) in a file called wcx_ftp.ini. O
2004- LeapFTP intitle:”index.of./” sites.ini 08-20 m…
The LeapFTP client configuration file “sites.ini” holds the login credentials for tho…
2004filetype:conf oekakibbs 08-16
Oekakibss is a japanese anime creation application. The config file tells an
2004“http://*:*@www” domainname 08-14
This is a query to get inline passwords from search engines (not just
attacker the encry…
Google), you must type in…
2004- filetype:bak This will search for backup files (*.bak) created by some editors or even by 08-14 inurl:”htaccess|passwd|shadow|ht… the administrator …
2004inurl:/db/main.mdb 08-13
ASP-Nuke database file containing passwords.This search goes for the
2004inurl:nuke filetype:sql 08-10
This search reveals database dumps that most likely relate to the php-
2004filetype:ini ServUDaemon 08-06
The servU FTP Daemon ini file contains setting and session information
2004-
Generally, these are dbman password files. They are not cleartext, but still
filetype:pass pass intext:userid
08-06 2004“AutoCreate=TRUE password=*” 08-05
direct location and has fe…
nuke or postnuke content …
including usernames, pas…
allow an attacker … This searches the password for “Website Access Analyzer”, a Japanese software that cr…
2004inurl:/wwwboard 08-01
The software wwwboard stores its passwords in a file called
2004filetype:pwl pwl 07-29
These are Windows Password List files and have been known to be easy to
2004- “# -FrontPage-” ext:pwd 07-26 inurl:(service |…
Frontpage.. very nice clean search results listing !!No further comments
2004- “sets mode: +k” 07-19
This search reveals channel keys (passwords) on IRC as revealed from IRC
2004- intitle:”Index of” passwords 07-16 modified
These directories are named “password.” I wonder what you might find in here. Warning…
“passwd.txt”.An attacker …
crack since the release…
required..changelog:22…
chat logs….
2004- inurl:lilo.conf filetype:conf password LILO is a general purpose boot manager that can be used to boot multiple 07-16 -tatercount… operating systems, inc… 2004NickServ registration passwords 07-12
NickServ allows you to “register” a nickname (on some IRC networks) and prevent other…
2004psyBNC config files 07-06
psyBNC is an IRC-Bouncer with many features. It compiles on Linux,
2004filetype:mdb inurl:users.mdb 06-16
Everyone has this problem, we need to remember many passwords to
2004inurl:ccbill filetype:log 06-18
CCBill.com sells E-tickets to online entertainment and subscription-based
2004- inurl:ospfd.conf intext:password 06-10 sample -test -tu…
GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 proto…
FreeBSD, SunOs and Solaris. …
access the resources we use. S…
websites. CCBill.com …
inurl:zebra.conf 2004GNU Zebra is free software that manages TCP/IP based routing protocols. It supports intext:password -sample 06-10 BGP-4 prot… test -tu…
2004filetype:pwd service 06-10
Microsoft Frontpage extensions appear on virtually every type of scanner. In the late
2004filetype:sql password 06-04
Database maintenance is often automated by use of .sql files that contain many lines
90’s peop…
of batched…
2004- filetype:sql +”IDENTIFIED Database maintenance is often automated by use of .sql files wich may contain 06-04 BY” -cvs many lines of bat… 2004-
filetype:ldb admin
According to filext.com, the ldb file is “A lock file is used to keep muti -user databases
06-02
…
2004- filetype:cfg mrtg 06-02 “target[*]” -sample -c…
Mrtg.cfg is the configuration file for polling SNMP enabled devices. The community
2004filetype:dat wand.dat 05-27
The world-famous web-browser Opera has the ability to save the password for you,
2004signin filetype:url 05-26
Javascript for user validation is a bad idea as it shows cleartext user/pass combos.
2004filetype:netrc password 05-26
The .netrc file is used for automatic login to servers. The passwords are stored in
2004- filetype:ini ws_ftp pwd 05-26
The encryption method used in WS_FTP is _extremely_ weak. These files can be
2004- inurl:”slapd.conf” 05-25 intext:”rootpw&q…
slapd.conf is the configuration file for slapd, the opensource LDAP deamon. You can
2004- inurl:”slapd.conf” 05-25 intext:”credenti…
slapd.conf is the configuration file for slapd, the opensource LDAP deamon. The key
2004filetype:inc dbconn 05-26
This file contains the username and password the website uses to connect to the db.
2004- inurl:”wvdial.conf” 05-24 intext:”passwor…
The wvdial.conf is used for dialup connections.it contains phone numbers,
2004- filetype:pem 05-17 intext:private
This search will find private key files… Private key files are supposed to be, well… privat…
2004filetype:conf slapd.conf 05-17
slapd.conf is the file that contains all the configuration for OpenLDAP, including the
2004- filetype:dat 05-17 “password.dat”
This file contains plaintext usernames and password. Deadly information in the
2004- filetype:log 05-13 inurl:”password.log”
These files contain cleartext usernames and passwords, as well as the sites
string (ofte…
and it call th…
There is …
cleartext….
found with the &qu…
view a clea…
“crede…
Lots of th…
usernames and passwor…
root pas…
hands of an atta…
associated with tho…
2004- filetype:url +inurl:”ftp://” These are FTP Bookmarks, some of which contain plaintext login names and 05-12 +inurl:&qu… passwords….
2004- inurl:vtund.conf 05-12 intext:pass -cvs filetype:reg reg 2004HKEY_CURRENT_USER 05-11 SSHHOSTKEYS
Theses are vtund configuration files (http://vtun.sourceforge.net). Vtund is an
encrypted tunne… This search reveals SSH host key fro the Windows Registry. These files contain
information abou…
2004- filetype:reg reg These pages display windows registry keys which reveal passwords and/or 05-07 +intext:”defaultusername&quo… usernames…. 2004- filetype:inc 05-05 intext:mysql_connect
INC files have PHP code within them that contain unencrypted usernames,
2004- filetype:properties inurl:db 05-04 intext:password
The db.properties file contains usernames, decrypted passwords and even
2004- intitle:”index of” 05-03 intext:globals.inc
passwords, and addresse…
hostnames and ip addres… contains plaintext user/pass for mysql database…
2004inurl:perform filetype:ini 05-03
Displays the perform.ini file used by the popular irc client mIRC. Often times
2004- intitle:”index of” 04-26 intext:connect.inc
These files often contain usernames and passwords for connection to mysql
2004eggdrop filetype:user user 04-26
These are eggdrop config files. Avoiding a full-blown descussion about
2004- filetype:cfm “cfapplication 04-19 name” passwo…
These files contain ColdFusion source code. In some cases, the pages are examples that are foun…
2004allinurl: admin mdb 04-16
Not all of these pages are administrator’s access databases containing usernames, passwords and…
2004intitle:Index.of etc shadow 03-04
This file contains usernames and (lame) encrypted passwords! Armed with
has channel pass…
databases. In many ca…
eggdrops and IRC bots, s…
this file and a decent …
2004ext:skr | ext:pgp | This file isa the secret keyring for PGP encryption. Armed with this file (and 03-04 inurl:secring ext:bak perhaps passphr… 2004- intitle:index.of 03-04 administrators.pwd
This file contains administrative user names and (weakly) encrypted password
2004htpasswd 03-04
This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable pass…
2004passlist.txt (a better way) 01-23
Cleartext passwords. No decryption required!…
2003trillian.ini 08-19
for Microsoft Fron…
Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC,
ICQ, etc. The v…
2003- inurl:config.php dbuname 07-29 dbpass
The old config.php script. This puppy should be held very closely. It should never be viewable …
2003auth_user_file.txt 07-11
DCForum’s password file. This file gives a list of (crackable) passwords, usernames and email a…
2003- filetype:xls username password This search shows Microsoft Excel spreadsheets containing the words 06-30 email username, password and emai… 2003-
This search gets you access to the etc directory, where many many many
etc (index.of)
types of password files …
06-27 2003passlist 06-27
I’m not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEAR…
2003config.php 06-24
This search brings up sites with “config.php” files. To skip the technical discussion…
2003passwd / etc (reliable) 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003spwd.db / passwd 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003- htpasswd / htgroup 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003htpasswd / htpasswd.bak 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003pwd.db 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003master.passwd 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003-
There’s nothing that defines a googleDork more than getting your PASSWORDS
passwd
06-24
grabbed by Google fo…
2003people.lst 06-24
*sigh*…
2003- intitle:index.of 06-24 intext:”secring.skr”|&q…
PGP is a great encryption technology. It keeps secrets safe. Everyone from drug
2003mysql history files 06-24
The .mysql_history file contains commands that were performed against a mysql
lords to the he…
database. A “…
2014intitle:”Zimbra Web Client Log In” 04-21
Open Source Zimbra Webmail Login pages …
2014intitle:”Zimbra Web Client Sign In” 04-21
Open Source Zimbra Webmail Login pages …
2014inurl:typo3/install/index.php?mode= 04-07
typo3 install logins Bruno Schmid …
2014inurl:”Citrix/XenApp/auth/login.aspx” 03-31 201402-28 intitle:Admin inurl:login.php site:.co.in
Finds login portals for Citrix XenApp.– Andy G –
twitter.com/vxhex … dork submitted by M4RKM3N aka Osama Mahmood revels admin login panels of sites
…
2014allinurl:”zimbra/?zinitmode=http” -googl… 02-05
zimbra webmail login page lookup
2014allinurl:”/main/auth/profile.php” -githu… 01-03
[+] This dork will help you find Chamilo login portals. Depending on the version, the site co…
2013inurl:/administrator/index.php?autologin=1 12-03
Title: google hacking username and password of joomla
2013“inurl:/data/nanoadmin.php” 11-25
Hi, I would like to submit this GHDB which allow to find out
2013inurl:”/jenkins/login” “Page genera… 11-25
Finds login pages for Jenkins continuous integration servers. – Andy G – twitter.com/vxhex …
allinurl:”zimbra/?zinitmode=http” -google -github …
Google Dork: inurl:/administrator/index….
nanoCMS administration pages :…
2013Finds SimpleSAMLphp login pages.– Andy G – inurl:”/module.php/core/loginuserpass.php&quo… 11-25 twitter.com/vxhex … 2013allinurl:”owa/auth/logon.aspx” -google -… 11-25
[+] Description – Find OWA login portals Regards,
2013intitle:”Comrex ACCESS Rack” 09-24
IP Codecs offering “studio quality audio and video over wired and wireless IP circuits&qu…
necrodamus http://www.twitter.com/ne…
2013- inurl:phpmyadmin/index.php & (intext:username #Summary: PHP Admin login portals #Author: g00gl3 5c0u7 08-08 … … 2013intitle:”::: Login :::” & intext:&qu… 08-08
#Summary: Surveillance login portals #Author: g00gl3 5c0u7
2013inurl:8080 intitle:”login” intext:”… 08-08
#Summary: VoIP login portals#Category: Pages containing login portals #Author: g00gl3 5c0u7 …
…
2013intitle:”WebMail | Powered by Winmail Server … #Summary: Winmail login portals #Author: g00gl3 5c0u7 … 08-08 2013intitle:”Login – OTRS” inurl:pl 08-08
#Summary: OTRS login portals#Author: g00gl3 5c0u7 …
2013inurl:”/secure/login.aspx” 08-08
#Summary: Several Web Pages Login Portal#Category: Pages containing login portals #Author: g…
2013intext:”I’m using a public or shared computer… 08-08
#Summary: Windows Business Server 2003 Login portal #Category: Pages containing login portals …
2013- intitle:”.:: Welcome to the 08-08 Web-Based Configu…
#Summary: ZyXEL router login portal#Category: Pages containing login portals #Author: g00gl3…
2013- intitle:”Internet Security
#Summary: ZyWall Firewall login portal#Category: Various Online Devices
08-08 Appliance” &a…
#Author: g00gl3 5c0u…
2013inurl:5000/webman/index.cgi Synology nas login … 08-08 2013- “Welcome to phpMyAdmin” + Finds cPanel login pages. – Andy G – twitter.com/vxhex … 08-08 “Username… 2013- inurl:/secure/Dashboard.jspa Finds login pages and system dashboards for Atlassian’s JIRA. – Andy G – twitter.com/vxhex … 08-08 intitle:”System … 2013- intitle:”Cisco Integrated 08-08 Management Controll…
intitle:”Cisco Integrated Management Controller Login” The Cisco Integrated Manage…
2013- inurl:”dasdec/dasdec.csp” 08-08
inurl:”dasdec/dasdec.csp” DASDEC II Emergency Alert System User Manual: http://www….
2013intitle:”VNC Viewer for Java” VNC Viewer for Java ~4N6 Security~ … 08-08 2013- Serv-U (c) Copyright 199504-22 2013 Rhino Software, Inc…
# Category: FTP Login Portals # Description : Dork for finding FTP Login portals # Google Dor…
2013- intext:Computer Misuse Act Category : Pages containing login portals Description : Dork for finding sensitive 04-09 inurl:login.aspx login porta… 2013-
intext:YOU ARE ACCESSING A
Category : Pages containing login portals Description : Dork for finding
04-09 GOVERNMENT INFORMATIONgovernment login port… … intext:THIS IS A PRIVATE 2013Category : Pages containing login portals Description : Dork for finding sensitive SYSTEM AUTHORISED ACCESS 04-09 login porta…
…
2013- allintext: “Please login to 04-09 continue…”… 2013site:login.*.* 02-05
Reported by: Jasper Briels… DORK:site:login.*.* Description: Allow User To View Login Panel Of Many
WebSites.. Author:MT…
2012- you really should fix this 12-31 security hole by settin…
Gives sites with default username root and no password— nitish mehta …
2012inurl:phpliteadmin.php 11-02
The default password is ‘admin’ …
2012inurl:”InfoViewApp/logon.jsp” Google Hacking *SAP Business Object 3.1 XI* inurl:”InfoViewApp/logon.jsp” tw… 11-02 2012intitle:”DVR+Web+Client” 08-21 2012- Please-logon “intitle:zarafa
This dork will find most Linux-based DVR web clients that are accessible to the
web and throug… Zarafa Webaccess logon pages. Greetings, Alrik. …
08-21 webaccess “ 2012- intitle:”Log In” “Access 08-21 unsecured …
iOmega Storcenter login page: intitle:”Log In” “Access unsecured content with…
2012- inurl:/app_dev.php/login 08-21 “Environment”
Search for login screen in web aplications developed with Symfony2 in
2012inurl:”cgi-bin/webcgi/main” 08-21
inurl:”cgi-bin/webcgi/main” This dork finds indexed public facing Dell Remote Acce…
2012“mailing list memberships reminder” 05-15
Hi, By default, while subscribing to a mailing list on a website, running
a development environment…
Mailman (GNU) for…
2012- “Welcome to Sitecore” + “License Ho… Sitecore CMS detection. … 05-15 2011intitle:”cyber recruiter” “User ID&… 05-11
Search for login screen of default instance: Cyber Recruiter (applicant
2011- intitle:”Enabling Self-Service 05-11 Procurement&qu…
Search for login screen of default instance: Puridiom (A Procurement
2011- “Login Name” Repository Webtop 05-11 intitle:l…
Search for login screen of default instance: Documentum Webtop by
2011-
Search for login screen of default instance: Cascade Server CMS by
intitle:”cascade server” inurl:login.act
tracking and recruitin…
Web Application) …
EMC …
03-15
Hannon Author: Erik Horton …
2010inurl:src/login.php 11-13
Locates SquirrelMail Login Pages Author: 0daydevilz…
2010inurl:/dana-na/auth/ 11-12
Juniper SSL Author: bugbear…
2010- “Remote Supervisor Adapter II” 11-10 inurl:use…
IBM e-server’s login pages. Author: DigiP…
2010||Powered by [ClipBucket 2.0.91] 11-10
This search identifies clpbpucket installations. They frequently have an
admin/admin default pa…
2006- intitle:ARI “Phone System 10-02 Administrator”
Login page for “Asterisk Recording Interface” (ARI)….
2006- intitle:”AdventNet ManageEngine 10-02 ServiceDesk P…
serviceDesk Plus is a 100 % web-based Help Desk and Asset
2006inurl:”/?pagename=CustomerLogin” 09-20
Customer login pages for what looks like an inhouse eshop. More
2006-
Powered by Bariatric AdvantageAdmin Login:Admin login pages for
inurl:”/?pagename=AdministratorLogin”
Management software.vendor: h**p://ma…
information here:h**p://catalin…
09-20
what looks like an inhouse esho…
2006inurl:+:8443/login.php3 09-27
Plesk is a multi platform control panel solution for hosting.More information: hxxp://www.swsof…
2006- (intitle:”SilkyMail by Cyrusoft 08-03 International…
silkyMail is a free internet email client, from www.cyrusoft.com, that
runs in your browser. Th…
2006Webmail is a http based email server made by atmail.com. To get to intitle:”Login to @Mail” (ext:pl | inurl… 08-03 the admin login instead of t… 2006“SurgeMAIL” inurl:/cgi/user.cgi ext:cgi 08-03
surgemail is an email server from netwinsite.com that can be accessed
by a web browser. This do…
2006- intitle:Ampache intitle:”love of music” … 06-29
Ampache is a Web-based MP3/Ogg/RM/Flac/WMA/M4A
2006FlashChat v4.5.7 07-29
This simple search brings up lots of online Flash Chat clients.
2006intitle:”eXist Database Administration” … 05-03
Login Pages “eXist is an Open Source native XML database featuring efficient, index-based …
2006(intitle:”WmSC e-Cart Administration”)|(… 05-03
Login Pages for WebMyStyle.”WebMyStyle offers a full range of web hosting and dedicated se…
2006-
manager. It allows you to view, edit, and play y…
Flash Chat’s administration dir…
(intitle:”Please login – Forums powered by UB… Logins for Forums powered by UBB.threads…
05-03 2006intitle:”SHOUTcast Administrator” inurl:… 05-03
Login pages for SHOUTcast”SHOUTcast is a free-of-charge audio homesteading solution. It pe…
2006intitle:IMP inurl:imp/index.php3 05-03
Webmail Login pages for IMP”IMP is a set of PHP scripts that implement an IMAP based webma…
2006intitle:”TWIG Login” 05-03
“TWIG is a Web-based groupware suite written in PHP, compatible with both PHP3 and PHP4. I…
2006“SquirrelMail version” “By the Squi… 05-03
More SquirrelMail Logins…
2006intitle:(“TrackerCam Live Video”)|(“… 05-03
“TrackerCam® is a software application that lets you put your webcam on…
2006(intitle:”rymo Login”)|(intext:”We… 05-03
“rymo is a small but reliable webmail gateway. It contacts a POP3-server for mail reading …
2006- (intitle:”Please login – Forums powered by 05-03 WW…
“WWWthreads is a high powered, full scalable, customizable open source bulletin board pack…
2006-
Customer login pages”SalesLogix is the Customer Relationship
inurl:”/slxweb.dll/external?name=(custportal|…
05-03
Management Solution that driv…
2006intitle:”Employee Intranet Login” 05-03
Intranet login pages by decentrix.com…
2006inurl:”php121login.php” 05-03
“PHP121 is a free web based instant messenger – written entirely in PHP. This means that … i
2006The PHP Poll Wizard 2 ist a powerful and easy-to-use PHP-Script Please enter a valid password! inurl:polladmin 04-25 for creating and managing polls… 2006intitle:”EZPartner” -netpond 03-21
EZPartner is a great marketing tool that will help you increase
2006- intitle:”Login to @Mail” (ext:pl | inurl… 03-21
Webmail is a http based email server made by atmail.com. To
2006inurl:”vsadmin/login” | inurl:”vsad… 03-21
Ecommerce templates makes a online shopping cart solution.
2006“Web-Based Management” “Please inpu… 03-21
This dork finds firewall/vpn products from fiber logic. They only require a one-factor authent…
your sales by sending webmaster…
get to the admin login instead of r…
This search finds the admin login….
inurl:2000 2006RemotelyAnywhere is a program that enables remote control, in the same matter intitle:RemotelyAnywhere 03-21 as VNC. Once Log…
site:realvnc….
2006simply googleisinurl trick for Oscommerce for open administrator page.If no 03-07 inurl:”/admin/configuration. php?” Mysto… .htpassword set f… 2006inurl:ids5web 02-09
EasyAccess Web is a application to view radiological images online.Like in hospitals
2006- intext:”Fill out the form 02-08 below completely to…
The page to change admin passwords. Minor threat but the place to start an
2006- “Powered by Midmart 01-16 Messageboard” “…
Midmart Messageboard lets you run a highly customizable bulletin board with a
2006- intitle:Ovislink 01-16 inurl:private/login
or univers…
attack….
very nice user in… Ovislink vpn login page… .
2006- “intitle:3300 Integrated 01-14 Communications Platf…
logon portal to the mitel 330 integrated communications
platform.[Mitel® 330…
2006- “bp blog admin” intitle:login betaparticle (bp) blog is blog software coded in asp. This google dork finds the admin logins…. 01-02 | intitle:…
“Emergisoft web
2005applications are a part of 12-31
Hospital patient management system, in theory it could be dangerous….
ou…
2005- intitle:”b2evo > Login form” b2evolution is a free open-source blogging system from b2evolution.net. This dork 12-19 “Lo… finds the ad… 2005- intitle:”Admin login” “Web 12-19 Site Adm…
sift Group makes a web site administration product which can be accessed via a
web browser. Th…
2005- inurl:/Merchant2/admin.mv Miva Merchant is a product that helps buisnesses get into e-commerce. This dork 12-19 | inurl:/Merchant2/admin… locates their … 2005- “site info for” “Enter Admin This will take you to the cash crusader admin login screen. It is my first google 11-21 Passwo… hack.. also t… 2005- “Establishing a secure 11-16 Integrated Lights Out …
iLo and related login pages !? Whoops…..
2005- inurl:webvpn.html “login” 11-16 “Please e…
The Cisco WebVPN Services Module is a high-speed, integrated Secure Sockets
2005- “This is a restricted Access 11-16 Server” &qu…
Mostly Login Pages for iPlanet Messenger Express, which is a web-based electronic
2005- intitle:”Merak Mail Server 11-16 Web Administration…
User login pages for Merak Email Server Suite which consists of Merak Email
2005- “Powered by Merak Mail 11-13 Server Software” …
Webmail login portals for Merak Email ServerMerak Email Server Suite consists of
200511-12 “iCONECT 4.1 :: Login”
This search finds the login page for iCONECTnxt, it enables firms to search,
2005- intitle:”Novell Web 11-12 Services” “Grou…
Novell GroupWise is a complete collaboration software solution that provides
Layer (SSL) VPN ser…
mail program …
Server core and opt…
multiple award…
organize, and revi…
information worker…
2005- intitle:”*- HP WBEM Login” HP WBEM Clients are WBEM enabled management applications that provide the user interface and fu… 11-12 | “You a… 2005- intitle:”EXTRANET login” 11-12 .edu -.mil -.g… 2005- intitle:”EXTRANET * – 11-12 Identification”
This search finds many different Extranet login pag es…. WorkZone Extranet Solution login page. All portals are in french or spanish I
belive….
2005- intitle:”OnLine Recruitment This is the Employer’s Interface of eRecruiter, a 100% Paper Less Recruitment 11-12 Program – Login&q… Solution implemen… 2005- intitle:”Docutek ERes – 10-26 Admin Login” -ed…
Docutek Eres is software that helps libaries get an internet end to them. This dork
finds the a…
2005WEBppliance is a software application designed to automate the deployment and inurl:ocw_login_username 10-13 management of Web… 2005- intitle:”Supero Doctor III” - “Supero Doctor III Remote Management” by Supermicro, Inc.info: 09-26 inurl:super…
http://www.supermicro….
2005- intitle:”iDevAffiliate – 09-25 admin” -demo
Affiliate Tracking Software Adding affiliate tracking software to your site is one of
2005- “Please login with admin 09-25 pass” -“le…
PHPsFTPd is a web based administration and configuration interface for the
2005- intitle:”Admin Login” 09-25 “admin login&…
Blogware Login Portal: “An exciting and innovative tool for creating or enhancing your web…
2005- intitle:”Login Forum 09-23 Powered By AnyBoard”…
Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula
the most…
SLimFTPd ftp serverI…
Anyboard 9.x &…
2005- intitle:”Login to the forums Aimoo Login Pages. “Looking for a free message board solution? Aimoo provides 09-23 – @www.aimoo.com… one of the m… 2005intitle:”i-secure v1.1″ -edu I-Secure Login Pages… 09-23 2005- inurl:/modcp/ there have been several dorks for vBulletin, but I could not find one in the search 09-23 intext:Moderator+vBulletin that target… 2005- intitle:”PHProjekt – login” 09-21 login passwo…
PHProjekt is a group managing software for online calenders, chat, forums, etc. I
looked aroun…
2005GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure “login prompt” inurl:GM.cgi 09-13 in the a… 2005- “Powered by Monster Top 09-13 List” MTL numran…
2 Step dork – Change url to add filename “admin.php” (just remove index.php&stuff…
2005- intext:”Master Account” 09-13 “Domain Na…
There seems to be several vulns for qmail….
intitle:”Content
2005Management System” 09-13
&quo…
2005- “Please authenticate 08-30 yourself to get access t…
iCMS – Content Management System…Create dynamic interactive websites in
minutes without knowi…
Photo gallery managment system login…
2005- intitle:”*- HP WBEM Login” HP WBEM Clients are WBEM enabled management applications that provide the 11-12 | “You a… user interface and fu… 2005- intitle:”EXTRANET login” 11-12 .edu -.mil -.g… 2005- intitle:”EXTRANET * – 11-12 Identification”
This search finds many different Extranet login pag es…. WorkZone Extranet Solution login page. All portals are in french or spanish I
belive….
2005- intitle:”OnLine Recruitment This is the Employer’s Interface of eRecruiter, a 100% Paper Less Recruitment 11-12 Program – Login&q…
Solution implemen…
2005- intitle:”Docutek ERes – 10-26 Admin Login” -ed…
Docutek Eres is software that helps libaries get an internet end to them. This dork
finds the a…
2005WEBppliance is a software application designed to automate the deployment and inurl:ocw_login_username 10-13 management of Web… 2005- intitle:”Supero Doctor III” - “Supero Doctor III Remote Management” by Supermicro, Inc.info: 09-26 inurl:super… http://www.supermicro…. 2005- intitle:”iDevAffiliate – 09-25 admin” -demo
Affiliate Tracking Software Adding affiliate tracking software to your site is one of
2005- “Please login with admin 09-25 pass” -“le…
PHPsFTPd is a web based administration and configuration interface for the
2005- intitle:”Admin Login” 09-25 “admin login&…
Blogware Login Portal: “An exciting and innovative tool for creating or enhancing your web…
2005- intitle:”Login Forum 09-23 Powered By AnyBoard”…
Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula
the most…
SLimFTPd ftp serverI…
Anyboard 9.x &…
2005- intitle:”Login to the forums Aimoo Login Pages. “Looking for a free message board solution? Aimoo provides one of the m… 09-23 – @www.aimoo.com… 2005intitle:”i-secure v1.1″ -edu I-Secure Login Pages… 09-23 2005- inurl:/modcp/ there have been several dorks for vBulletin, but I could not find one in the search 09-23 intext:Moderator+vBulletin that target… 2005- intitle:”PHProjekt – login” 09-21 login passwo…
PHProjekt is a group managing software for online calenders, chat, forums, etc. I
looked aroun…
2005GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure “login prompt” inurl:GM.cgi in the a… 09-13 2005- “Powered by Monster Top 09-13 List” MTL numran…
2 Step dork – Change url to add filename “admin.php” (just remove
index.php&stuff…
2005- intext:”Master Account” 09-13 “Domain Na…
There seems to be several vulns for qmail….
intitle:”Content 2005Management System” 09-13
iCMS – Content Management System…Create dynamic interactive websites in
2005- “Please authenticate 08-30 yourself to get access t…
Photo gallery managment system login…
2005- “You have requested to 08-30 access the management …
Terracotta web manager admin login portal….
2005- intitle:”web-cyradm”|”by 08-30 Luc de Lou…
Web-cyradm is a software that glues topnotch mailing technologies together. The
2005- intext:”Master Account” 08-30 “Domain Nam…
qmail mail admin login pages.There are several vulnerabilities relating to this
&quo…
intitle:”Content
2005Management System” 08-30
&quo…
200508-28 inurl:csCreatePro.cgi
minutes without knowi…
focus is on adm…
software… iCMS – Content Management System…Create websites without knowing HTML or
web programming….
Create Pro logon pages….
2005- intitle:”xams 0.0.0..15 – 08-14 Login”
This is the login for xams it should catch from 0.0.1-0.0.150.0.15 being the latest
2005- “HostingAccelerator” 08-14 intitle:”login…
This will find the login portal for HostingAccelerator ControlPanel I have not looked
2005- “inspanel” intitle:”login” 08-15 &q…
version as …
for explo… This finds all versions of the inspanel login page….
2005- intitle:”communigate pro * Just reveals the login for Communigate Pro webmail. A brute force attack could be 08-11 *” intitle:&q… attempted. Th… 2005intitle:”AlternC Desktop” 08-15
This finds the login page for AlternC Desktop I dont know what versions….
2005intitle:phpnews.login 08-10
Vulnerable script auth.php (SQL injection)— from rst.void.ru —Possible scenario of
2005- intitle:”Cisco CallManager 08-08 User Options Log O…
[quote]Cisco CallManagerCallManager is a FREE web application/interface included
2005- inurl:”default/login.php” 07-26 intitle:”…
This dork reveals login pages for Kerio Mail server. Kerio MailServer is a state-ofthe-art gro…
2005- intitle:”Member Login”
Pretty standered login pages, they all have various differences but it appears that
07-24 “NOTE: Your …
they use th…
attack:[…
with your VoIP…
2005- “This section is for 07-24 Administrators only. If …
Nothing special, just one more set of login pages, but the “Administrators only”
2005- intitle:”Welcome to 07-22 Mailtraq WebMail”
Mailtraq WebMail is just another a web-based e-mail client. This is the login
2005- intitle:”TOPdesk 07-22 ApplicationServer”
Topdesk is some kind of incident ticket system with a webinterface. It requires:
line…
page….
Windows 98 and…
2005- “You have requested access BackgroundEasySite is a Content Management System (CMS) build on PHP and 07-20 to a restricted ar…
MySQL. Many easysite s…
2005inurl:textpattern/index.php Login portal for textpattern a CMS/Blogger tool…. 06-09 2005intitle:”Login to Cacti” 06-24
Cacti is a complete network graphing solution designed to harness the power of
RRDTool’s data s…
2005- intitle:”XMail Web Administration 06-09 Interface&q…
This search will find the Web Administration Interface for servers
2005intext:”Welcome to” inurl:”cp”… 06-05
This gives results for hosting plans that don’t have associated fees, so anyone can sign up wit…
2005- intitle:”XcAuctionLite” | “DRIVEN B… 06-07
This query reveals login pages for the administration of XcAuction
2005allintitle:”Welcome to the Cyclades” 06-02
This search reveals the login page for the Cyclades TS1000 and
2005intitle:”VisNetic WebMail” inurl:”/… 06-06
VisNetic WebMail is a built-in web mail server that allows VisNetic
running XMail.”XMail is…
and XcClassified Lite..”…
TS2000 Web Management Service. T…
Mail Server account holders…
2005- inurl:/SUSAdmin intitle:”Microsoft Software Microsoft SUS Server is a Patch Management Tool for Windows 05-23 U… 2000, XP and 2003 systems.It can be… 2005-
inurl:exchweb/bin/auth/owalogon.asp
Outlook Web Access Login POrtal…
05-15 2005inurl:Citrix/MetaFrame/default/default.aspxMetaFrame Presentation Server… 05-15 2005inurl::2082/frontend -demo 05-11
This allows you access to CPanel login dialogues/screens….
2005intitle:”WorldClient” intext:”Ã�… 05-02
MDaemon , Windows-based email server software, contains full
2005intitle:open-xchange inurl:login.pl 05-02
Open-Xchange 5 is a high performance substitute for costly and
mail server functionality and cont…
inflexible Microsoft Exchange de…
2005- intitle:”site administration: please log 05-02 in&q…
Real Estate software package, with the admin login screen…
2005inurl:gnatsweb.pl 05-02
GNU GNATS is a set of tools for tracking bugs reported by users to
2005- “Powered by DWMail” password 05-02 intitle:dwm…
What is DWmailâ„¢?: DWmailâ„¢ is an ‘…
2005-
Just another logon page search, this one is for SFX®, a link
a central site. It allows pr…
intitle:”SFXAdmin – sfx_global” | intitl…
04-27 2005intitle:”Zope Help System” inurl:HelpSys 04-27 2005intitle:ilohamail “Powered by IlohaMail” 04-17
server from Ex … By itself, this returns Zope’s help pages. Manipulation of the URL, changing ‘HelpSys’ to ‘mana… IlohaMail is a light-weight yet feature rich multilingual webmail
system designed for ease of u…
2005intitle:ilohamail intext:”Version 0.8.10″… 04-11
some version of ilohamail are vulnerable….
2005- intitle:"inc. vpn 3000 04-11 concentrator&q…
This search will show the login page for Cisco VPN 3000 concentrators. Since the default user …
2005- intext:"vbulletin" inurl:admincp vBulletin Admin Control Panel… 04-09 2005Dell OpenManage enables remote execution of tasks such as system configuration, inurl:”usysinfo?login=true” 01-25 imaging, applic… 2005- intext:”Mail admins login 01-24 here to administrat…
Another way to locate Postfix admin logon pages….
2005PhotoPost PHP Upload 01-13
PhotoPost was designed to help you give your users exactly what they want. Your
2005-
PHPhotoalbum is a picturegallery script. You can upload pictures directly from your
PHPhotoalbum Statistics
users will be t…
01-13
webbrowser….
2005PHPhotoalbum Upload 01-13
Homepage: http://www.stoverud.com/PHPhotoalbum/PHPhotoalbum is a
2005- inurl:”631/admin” 01-18 (inurl:”op=*”…
Administration pages for CUPS, The Common UNIX Printing System. Most are
2005- intitle:”VNC viewer for 01-15 Java”
VNC (Virtual Network Computing) allows a pc to be controlled remotely over the
picturegallery script. You can…
password protected….
Internet. These …
2005- inurl:”Activex/default.htm” This search will reveal the active X plugin page that allows someone to access PC 01-15 “Demo&q… Anywhere from…
2005- “pcANYWHERE EXPRESS 01-15 Java Client”
This search will reveal the java script program that allows someone to access PC
2004- intext:””BiTBOARD v2.0″ 12-19 BiTSHiFTERS…
The bitboard2 is a board that need no database to work. So it is useful for
2004- intitle:Login intext:”RT is 12-19 ÂÂ�…
RT is an enterprise-grade ticketing system which enables a group of people to
2004- intitle:”Athens
Athens is an Access Management system for controlling access to web based
12-19 Authentication Point”
subscription services…
2004- intitle:”Novell Web 12-19 Services” intext:&qu…
“Novell® GroupWise is an enterprise collaboration system that provides …
Anywhere from,…
webmaster that have…
intelligently and…
2004- inurl:1810 “Oracle 12-19 Enterprise Manager”
Enterprise Manager 10g Grid Control provides a single tool that can monitor and
2004- intitle:”WebLogic Server” 12-19 intitle:”…
BEA WebLogic Server 8.1 provides an industrial-strength application infrastructure
2004- intitle:”MX Control 12-19 Console” “If yo…
MX Logic’s customizable and easy-to-use MX Control Console…
manage not only…
for developi…
2004- inurl:”1220/parse_xml.cgi?” Quicktime streaming server is uhhhhh…..well it’s a streaming server and it can be 12-10 managed via… 2004- intitle:”vhost” intext:”vHost vHost is a one-step solution for all virtual hosting needs. It enables a Linux/BSD 12-13 . 200… server with … 2004- intitle:”VitalQIP IP 12-07 Management System”
The VitalQIP Web Client Interface provides a World Wide Web interface for the
VitalQIP IP Manag…
2004- intext:”Storage These pages can reveal information about the operating system and patch level, as 11-30 Management Server for” i… well as provi… 2004- intitle:”PHP Advanced Transfer” PHP Advacaned Transfer is GPL’d software that claims to be the “The ultimate 11-28 inurl:&q… 2004- inurl:coranto.cgi intitle:Login 11-28 (Authorized Users …
PHP download … Coranto is one of the most powerful Content Management System (CMS)
available on the market. It…
2004- inurl:/webedit.* intext:WebEdit WebEdit is a content management system. This is the login portal search…. 11-18 Professional -html 2005- intitle:”phpPgAdmin – Login” 03-03 Language
phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect
for PostgreSQL DBAs…
2004- inurl:postfixadmin intitle:”postfix Postfix Admin login pages. Duh…. 11-16 admin&quo…
2004- intitle:”Icecast Administration 11-07 Admin Page&qu…
Icecast streaming audio server web admin.This gives you a list of connected
2004inurl:irc filetype:cgi cgi:irc 11-04
CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker
2004- intitle:”php icalendar 10-31 administration” -…
This is the adminstration login portal search for PHP iCalendar. It is
2004- intitle:”php icalendar
PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF
10-31 administration” -…
spec. It displays …
2004- inurl:login.php “SquirrelMail 10-20 version”
squirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PH…
2004- inurl:/dana10-20 na/auth/welcome.html
Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site
2004intitle:plesk inurl:login.php3 10-20
Plesk is server management software developed for the Hosting Service
2004- “OPENSRS Domain 10-19 Management” inurl:manage…
OpenSRS Domain Management SystemNo vulnerabilities are reported to
2004- “Login – Sun Cobalt RaQ” 10-19
The famous Sun linux appliance. Nice clean portal search.Various
2004- intitle:”ISPMan : Unauthorized 10-19 Access prohibi…
ISPMan is a distributed system to manage components of ISP from a central
2004“SysCP – login” 10-19
sysCP: Open Source server management tool for Debian LinuxNo
2004- intitle:”Virtual Server 10-19 Administration System…
VISAS, German control panel software like confixx.No vulnerabilities are
2004“VHCS Pro ver” -demo 10-19
VHCS is professional Control Panel Software for Shared, Reseller, vServer and
2004- inurl:confixx 10-19 inurl:login|anmeldung
Confixx is a webhosting management tool and has the following features: *
clients. Interestin…
could communicate a…
compatible with Evolutio…
scripting vulne…
Industry. Various vulnera…
security focus….
vulnerabilities are reported t…
management interface….
vulnerabilities are reported to se…
reported to security f…
Dedicated Servers…
create resellers, * e…
2004aspWebCalendar is a browser based software package that runs over a inurl:”calendar.asp?action=login” 10-06 standard web browser, such … 2004- “IMail Server Web 10-19 Messaging” intitle:log…
intitle:”remote
2004assessment” OpenAanval 10-16
C…
IMail Server from Ipswitch is a messaging solution with 60 million users worldwide.
It contains… The Aanval Intrusion Detection Console is an advanced intrusion detection monitor
and alerting …
2004- “WebExplorer Server – 10-16 Login” “Welco…
WebExplorer Server is a web-based file management system for sharing files with
user permission…
2004- intitle:”Philex 0.2*” -script - Philex (phile ‘file’ explorer) is a web content manager based php what philex can 10-14 site:free… do ? – eas… 2004- inurl:default.asp 10-14 intitle:”WebCommander”
Polycom WebCommander gives you control over all aspects of setting up
2004-
MailMan is a product by Endymion corporation that provides a web based
intitle:”MailMan Login”
10-11
conferences on Polycom MG…
interface to email via P…
2004- intitle:”oMail-admin oMail-webmail is a Webmail solution for mail servers based on qmail and 10-05 Administration – Login&q… optionally vmailmgr or … 2004- intitle:”microsoft certificate Microsoft Certificate Services Authority (CA) software can be used to issue digital certificate… 09-24 services”… 2004inurl:mewebmail 09-23
MailEnable Standard Edition provides robust SMTP and POP3 services for Windows
2005W-Nailer Upload Area 01-13
What is W-Nailer?W-Nailer is a PHP script which can create galleries for you.It uses
NT/2000/XP/2003 …
a graphica…
2004- inurl:”typo3/index.php?u=” TYPO3 is a free Open Source content management system for enterprise purposes 09-21 -demo on the web and in… 2004- inurl:administrator 09-21 “welcome to mambo”
Mambo is a full-featured content management system that can be used for
2004ez Publish administration 09-21
Thousands of enterprises, governmental offices, non-profit organizations, small
2004- intitle:”Tomcat Server 09-18 Administration”
This finds login portals for Apache Tomcat, an open source Java servlet container
everything from simple …
and middle size…
which can run…
2004- intitle:”Login – powered by Easy File Sharing Web Server is a file sharing software that allows visitors to 09-18 Easy File Sharing… upload/download… 2004- “Login to Usermin” 09-18 inurl:20000
Usermin is a web interface that can be used by any user on a Unix system to easily
2004intitle:”TUTOS Login” 09-18
TUTOS stands for “The Ultimate Team Organization Software.” This search finds the log…
perform task…
2004- filetype:pl “Download: SuSE this search will get you on the web administration portal of linux open exchange 09-10 Linux Openexchang… servers…. 2004- 4images Administration 08-25 Control Panel
4images Gallery – 4images is a web-based image gallery management system. The
4images administr…
intitle:Novell 2004intitle:WebAccess 08-21
search to show online Novell Groupwise web access portals….
“Copyright *…
2004inurl:”gs/adminlogin.aspx” 08-20
GradeSpeed seems to be a .NET application to administer school results for
2004intitle:Login * Webmailer 08-20
1&1 Webmail login portals. This is made by a german company called Internet
2004- Login (“Powered by Jetbox 08-20 One CMS âÃ�…
Jetbox is a content management systems (CMS) that uses MySQL or equivalent
2004- intitle:”ITS System 08-16 Information” “P…
Frontend for SAP Internet Transaction Server webgui service….
Novell NetWare 2004intext:”netware 08-16
Netware servers ( v5 and up ) use a web-based management utility called Portal
management por…
2004- “powered by CuteNews” 08-16 “2003..2005 C…
several schools usin…
United active i…
databases. There is …
services, which … This finds sites powered by various CuteNews versions. An attacker use this list
and search the…
These are login pages for Infopop’s message board UBB.classic. For the 2004- inurl:cgi08-13 bin/ultimatebb.cgi?ubb=login UBB.threads you can use … 2004- intitle:”please login” “your 08-13 passwo…
These administrators were friendly enough to give hints about the password….
2004Ultima Online loginservers 08-09
This one finds login servers for the Ultima Online game….
2004- “WebSTAR Mail – Please Log @stake, Inc. advisory: “4D WebSTAR is a software product that provides Web, 08-09 In” FTP, and Mail … 2004- intitle:”teamspeak server08-09 administration
TeamSpeak is an application which allows its users to talk to each other over the
internet and …
2004- inurl:/cgisQWebmail login portals…. 08-06 bin/sqwebmail?noframes=1 2004- (inurl:”ars/cgi08-05 bin/arweb?O=0″ | inurl:a… 2004- intitle:Node.List 08-05 Win32.Version.3.11
From the vendor site: “Remedy’s Action Request System… synchronet Bulletin Board System Software is a free software package that can
turn your persona…
From the marketing brochure: “UltiPro Workforce Management offers you the 2004inurl:”utilities/TreeView.asp” most comprehensi… 07-29 2004- ASP.login_aspx
.NET based login pages serving the whole environment and process trace for your
07-26 “ASP.NET_SessionId”
viewing pleasur…
2004Powered by INDEXU 07-22
From the sales department: “INDEXU is a portal solution software that allows you to build …
2004phpWebMail 07-12
PhpWebMail is a php webmail system that supports imap or pop3. It has been
reported that PHP…
2004- filetype:php 07-09 inurl:”webeditor.php”
This is a standard login portal for the webadmin program….
2004-
CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could
CGI:IRC Login
communicate a…
06-22
2004According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a Outlook Web Access (a better way) Microsoft Exchange Acti… 06-18 2004“ttawlogin.cgi/?action=” 06-04
Tarantella is a family of enterprise-class secure remote access software products. This Google-…
2004- intitle:”Welcome Site/User 06-10 Administrator”…
service providers worldwide use Ensim’s products to automate the management of their hosting s…
2004intitle:”ZyXEL Prestige Router” “En… This is the main authentication screen for the ZyXEL Prestige Router…. 06-04 2004- filetype:r2w r2w 06-04
WRQ Reflection gives you a standard desktop that includes web- and Windows-based terminal emula…
2004inurl:search/admin.php 05-30
phpMySearch is a personal search engine that one can use to provide a
2004inurl:/eprise/ 05-26
silkRoad Eprise is a dynamic content management product that simplifies
2004- intitle:”Dell Remote Access 05-17 Controller”
This is the Dell Remote Access Controller that allows remote
2004-
This is a simple search for a login page. Attackers view login pages as the
“please log in”
search feature for one’s …
the flow of content to …
administration of a Dell server….
05-13
“front door&qu…
2004inurl:login filetype:swf swf 05-12
This search reveals sites which may be using Shockwave (Flash) as a login
2004inurl:”webadmin” filetype:nsf 05-11
mechanism for a site…. This is a standard login page for Domino Web Administration….
2004This iks the login page for eMule, the p2p file-sharing program. These intitle:”eMule *” intitle:”- Web Co… 05-11 pages forego the login n… 2004inurl:/Citrix/Nfuse17/ 05-10
These are Citrix Metaframe login portals. Attackers can use these to profile
a site and can use…
2004- inurl:metaframexp/default/login.asp These are Citrix Metaframe login portals. Attackers can use these to profile 05-10 | intitle:&quo… a site and can use… 2004inurl:names.nsf?opendatabase 05-04
A Login portal for Lotus Domino servers. Attackers can attack this page or
2004- intitle:”Remote Desktop Web 04-28 Connection” …
This is the login page for Microsoft’s Remote Desktop Web Connection, which allows remote users…
2004- intitle:”MikroTik RouterOS
use it to gather inf…
This is the front page entry point to a “Mikro Tik” Router….
04-26 Managing Webpage&q… 2004“VNC Desktop” inurl:5800 04-21
VNC is a remote-controlled desktop product. Depending on the
2004inurl:/admin/login.asp 04-21
This is a typical login page. It has recently become a target for SQL
2004inurl:login.asp 04-21
This is a typical login page. It has recently become a target for SQL
configuration, remote users may no…
injection. Comsec’s artic…
injection. Comsec’s artic…
2004Webmin is a html admin interface for Unix boxes. It is run on a proprietary web inurl:”:10000″ intext:webmin 04-20 server listenin… 2004- inurl:login.cfm 04-19
This is the default login page for ColdFusion. Although many of these are secured,
2004- intitle:”ColdFusion 04-19 Administrator Login”
This is the default login page for ColdFusion administration. Although many of
this is an i…
these are secure…
According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a Microsoft 2004allinurl:”exchange/logon.asp” Exchange Acti… 04-16 2014- intitle:not accepted 02-05 inurl:”union+select”…
Find IDS and Mod security dork: intitle:not accepted inurl:”union+select” inurl:…
2013-
Java Web Start (Java Network Launch Protocol) — -[Voluntas Vincit Omnia]-
filetype:jnlp
11-25
website http:/…
2013- intitle:”RT at a glance” 11-25 intext:”qu…
RT Request Tracker Ticket Database http://www.bestpractical.com/rt/ —-
2013intitle:”IPCam Client” 11-25
Foscam IPCam By default these cameras attach to the myfoscam.org DDNS.
2013- inurl:*/graphs* intitle:”Traffic 09-24 and system r…
With this search you can view results for mikrotik graphics interfaces
2013intitle:”Web Client for EDVS” 09-24
[Voluntas Vincit …
So you could add sit…
*Obrigado,*… Yet another DVR system. Probably requires Java to display. 4N6 Security …
2013inurl:”/webcm?getpage=” 09-24
Returns various Actiontec (and often Qwest) branded routers’ login pages. 4N6 Security …
2013- intitle:”RouterOS router 09-24 configuration page&q…
Returns login portals for Microtik routers running RouterOS version 5 and up.
2013inurl:”/cgi-mod/index.cgi” 09-24
Returns login pages for various Barracuda Networks branded hardware spam
2013-
Dork : intitle:”SPA504G Configuration” Result : Gives access to Cisco SPA504G
intitle:”SPA504G Configuration”
4N6 Security …
filters and mail arch…
09-24
Config…
2013- intitle:”Web Image Monitor” & 08-08 inurl:…
#Summary: Several printers that use “Web Image Monitor” control panel (
2013- intitle:”Transponder/EOL 08-08 Configuration:”…
#Summary: Cheeta Technologies Transponder Configuration Portal (*
2013- intitle:”NetBotz Network 08-08 Monitoring Appliance…
#Summary:Various Online Divices#Category: Pages containing login portals #Author: g00gl3 5c0…
2013intitle:”Weather Wing WS-2″ 08-08
#Summary:Weather Wing (http://www.meteo-system.com/ws2.php) Portal. #Category: Various Online …
2013- inurl:/voice/advanced/ 04-22 intitle:Linksys SPA configu…
This allows you to look at linksys VOIP Router Config pages. …
2013inurl:/control/userimage.html 02-05
Mobotix webcam search. yet another newer search …
http://ricoh…
http://www.cheetahtech.com)….
2012- inurl:”Orion/SummaryView.aspx” Hello, Enumerate Solarwinds Orion network monitoring portals. In some 11-02 intext:&q… cases, the portal ca… 2012inurl:”/level/13|14|15/exec/” 11-02
inurl:”/level/13|14|15/exec/” Cisco IOS HTTP Auth Vulnerability .. Command before …
2012- intitle:”dd-wrt info” 11-02 intext:”Firmw…
This dork finds web interfaces of various routers using custom firmware DD-
2012inurl:32400/web/index.html 11-02
Submitting this for the GHDB. These are web accessible Plex Media Servers
2012- intitle:”Pyxis Mobile Test Page” 11-02 inurl:&…
Pyxis Mobile Test Page intitle:”Pyxis Mobile Test Page” inurl:”mpTest.aspx&qu…
2012‘apc info’ ‘apc.php?SCOPE=’ 08-21
This dork will locate Unsecured PHP APC Installations. With regards, Shubham
2012- intext:”You may also donate 08-21 through the Money…
WRT. Default login…
where you can watch…
Mittal (Hack … Still find alot of equipment running v24 sp1 …
2012- intitle:”hp laserjet” 08-21 inurl:info_configu…
HP LaserJet printers …
2012- inurl:Settings.aspx intitle:BeyondBeyond TV gives you the capability to turn your PC into a high quality, digital video recorder… 05-15 TV 2012This dork finds Wireless Security/Webcams that are accessible from the web. intitle:”HtmlAnvView:D7B039C1″ 05-15 The interesting p… 2011-
inurl:cgi-bin/cosmobdf.cgi?
COSMOView for building management. Author: GhOsTPR …
12-28 2011- inurl:RgFirewallRL.asp | 12-27 inurl:RgDmzHost.asp | inu…
Gateway Routers Author: GhOsT-PR …
2011intitle:SpectraIV-IP 12-26
Google dork for pelco SpectraIV-IP Dome Series cameras Default
2011inurl:/cgi-bin/makecgi-pro 12-12
Brings up listings for Iomgea NAS devices. Password protected folders are
2011- allintitle:”UniMep Station 12-10 Controller”
UniMep is a device for managing fuel station. You can see process of fueling
2011- inurl:”:9000″ PacketVideo 07-26 corporation
inurl:”:9000″ PacketVideo corporation About: This provides Twonky Server Media int…
2010inurl:/level/15/exec/11-21
Default Cisco 2800 Series page…
2010- inurl:/exec/show/tech11-21 support/cr
Default Cisco 2800 Series page…
2010- inurl:/level/15/exec/11-21 /configure/http
Default Cisco 2800 Series page…
username/password “admin/a…
susceptible to authe…
cars and you can …
2010allintitle:”SyncThru Web Service” This search finds Internet-connected Samsung printer control panels…. 11-11 2010- intitle:”EvoCam” 11-10 inurl:”webcam.html”
This search identifies EvoCam cameras accessible over the Internet. There are
2006- intitle:Top “Vantage Service 10-02 Gateway” -i…
VSG1200 Vantage Service Gateway (topframe), go up one level for the login
2006intitle:”Net2Phone Init Page” 10-02
Net2Phone CommCenter® is software that allows you to make phone calls and se…
2006- intitle:”Your Network Device” 10-02 Status (LA…
Login page for the Solwise Sar715+ ADSL Router from solwise.co.uk. Thanks to jeffball55 for the…
also public explo…
page. Vendor page at …
2006- “SnapGear Management 10-02 Console” “Welc…
“Welcome to the SnapGear Unit! To begin configuring your SnapGear unit now, use the menu t…
2006- “Welcome to the CyberGuard “Welcome to the CyberGuard unit! To begin configuring your CyberGuard unit now, use the me… 10-02 unit!” 2006- “LANCOM DSL/*-* Office *” 10-02 “Entry Pa… 2006-
inurl:wrcontrollite
h**p://www.lancom-systems.de/Login page for these Lancom online DSL
devices…. Browse up to 16 security cameras at one time :)…
09-11 2006allintitle:”DVR login” 06-30
softwell Technology “Wit-Eye” DVR.Default user/pass is admin:adminRequires ActiveX…
2006- intitle:”stingray fts login” | ( 06-29 login.j…
The Stingray File Transfer Server: Open communication regardless of platform,
protocol or locat…
2006Near broadcast quality video over the internet. A full 30fps at the 320 X 240 size. intitle:”BlueNet Video Viewer” 06-25 12fps at th… 2006- allintitle: Axis 2.10 OR 2.12 OR No one search will reveal all Axis cameras. This is a variant for the 2xxx series…. 06-25 2.30 OR 2.31 OR 2… 2006- intitle:”Live View / – AXIS” | 06-25 inurl:vie…
No one search will reveal all Axis cameras. This is my mod of one of the queries. It
usualy ret…
2006intitle:”Divar Web Client” 06-25
Boshe/Divar Net Cameras. Uses ActiveX– IE only….
2006- allintitle: EDR400 login | 06-25 Welcome
Everfocus EDR400…
2006- allintitle: EDR1600 login | 06-25 Welcome
Everfocus EDR1600…
2006- allintitle:Edr1680 remote 06-25 viewer
Everfocus EDR1680. Only returns 2 or 3 results, but submitted for completeness
sake….
2006- allintitle: EverFocus | EDSR | Modified Everfocus search, pulls in EDSR400’s as well s a few strays missed by srcinal query…. 06-25 EDSR400 Applet 2006- intitle:”SNC-RZ30 HOME” 06-22 demo
This search will reveal Sony’s SNC -RZ30 IP camera’s web interface. Quite a few of these camera…
2006inurl:cgi-bin/guestimage.html just more more MOBOTIX’s… 05-04 2006- (intitle:(EyeSpyFX|OptiCamFX) just more cameras vendor site: http://www.eyespyfx.com/… 05-04 “go to camera&q…
2006- intitle:”Veo Observer XT” 05-04 inurl:shtml|p…
just more results for
2006- intitle:”iGuard Fingerprint 05-04 Security System&q…
vendor:http://www.iguardus.com/dome information disclosure: employeers list
2006- intitle:”Device Status 05-03 Summary Page” -de…
hxxp://www.netbotz.com/products/index.htmlNetwork/server/room security
this:http://johnny.ihackstuff.com/index.php?module=prodreviews&func=s…
& free camera a…
and enviromental alarm d…
(intitle:MOBOTIX 200604-19 intitle:PDAS) |
more cams…vendor site: http://www.mobotix.com/layout/set/index/language/index…
2006intitle:”IVC Control Panel” 04-18
this searches for security cameras, vendor site:http://www.ivcco.com/…
2006- intitle:”Edr1680 remote 03-21 viewer”
This search finds the 1680 series digital video recorder from EverFocus….
(intitle:MOBOTIX …
2006- “OK logout” 03-21 inurl:vb.htm?logout=1
This is a google dork for Hunt Electronics web cams. To get to the cameras remove
the vb.htm?l…
2006- intitle:”DVR Client” -the 03-21 free -pdf -do…
This dork finds digital video recording client from Nuvico….
2006intitle:”GigaDrive Utility” 03-18
Linksys GigaDrive network storage utility….
2006- intitle:”Ethernet Network 03-18 Attached Storage U…
Linksys network storage utility….
2006- intitle:”Skystream Networks skystream NetworksEdge Media Router…. 03-18 Edge Media Router… 2006- intitle:”NAS” 03-18 inurl:indexeng.html
Disk Online Server NAS device….
2006to handle … 03-18 intext:”you frequent configuration
ELSA DSL lan modems….
2006- intitle:”WxGoos-” (“Camera This is used in serverrooms and such where climate conditions are crucial to 03-18 image&qu… hardware health. I… 2006- intitle:”AR-*” “browser of 03-18 frame de…
A few Sharp printers …..
2006- intitle:”Webview Logon 03-18 Page”
This is the web interface for Alcatel’s Omniswitch. Default login is: admin/switch….
2006- inurl:setdo.cgi intext:”Set 02-08 DO OK”
Dcs-2100 camerasBy removing “intext:Set DO OK” you will get more hits but they
will r…
2006- intext:”Welcome to Taurus” Celestix Networks, Inc., the premier supplier of network server appliance, 02-08 “The Tau… announces the Taurus… 2006- intitle:”::::: INTELLINET IP 01-16 Camera Homepage …
A variation on Jeffball55’s srcinal Intellinet Ip Camera.This search finds several more web ca…
2006- intitle:”Dell Laser Printer *” Dell laser printers. This search finds different results that dork id 1077…. 01-02 port_0 -j… 2005-
DCS inurl:”/web/login.asp”
12-31
Login pages for the DCS-950 Web Camera. Even comes with a built in
microphone….
2005- intitle:Axis similar searchs exist. This search finds a few more results as well as access to the 12-31 inurl:”/admin/admin.shtml” Admin area… 2005inurl:/img/vr.htm 12-31
Linksys wireless G Camera….
2005inurl:Printers/ipp_0001.asp 12-08
Thanks to Windows 2003 Remote Printing…
2005intitle:”Snap Server” intitle:”Home… 11-28
This an online device, you can search for unpassworded shares on
2005- intitle:”Sony SNT-V304 Video Network 11-21 Station&…
The SNT-V304 Video Network Station.Sony’s network camera control
2005- Display Cameras intitle:”Express6 Live 11-21 Image&…
Express6 live video controller.Displays video from “Netlive Cameras” found in this se…
2005- intitle:”Iomega NAS Manager” 11-16 ihackstuff…
Login page dork for Iomega NAS Manager.. There’s only 1 result for it
2005- intitle:Cisco “You are using an old 11-16 browser o…
Snap Appliance Server.Moderato…
station….
now, but this could chang… Login pages for Ciso VPN Concentrator stuff…
2005- intitle:”Summit Management Interface” Extreme Networks Summit Switches Web admin pages. Server: 11-16 -g…
Allegro-Software-RomPager/2.10…
2005- intitle:”SNOIE Intel Web Netport 11-16 Manager”…
Intel Netport Express Print Server….
2005- “This page is for configuring Samsung 11-11 Network…
several different samsung printers…
2005(“port_255/home”)|(inurl:”home?port… standered printer search. Moderator note: see also dork id=1221… 11-05 2005- intitle:”IQeye302 | IQeye303 | 10-03 IQeye601 | IQe…
This is a googledork for IQeye netcams. Some of which you can control
how they tilt/zoom. The …
2005- (intitle:”VisionGS Webcam 09-29 Software”)|(in…
I don’t know if the google query got submitted right because it looks truncated. here it is ag…
2005- intitle:”Biromsoft WebCam” -4.0 -serial Brimsoft webcam software enables anyone with a webcam to easily create a webcam http server. T… 09-29 … 2005intitle:”Netcam” intitle:”user logi… 09-26 2005-
intitle:”Orite IC301″ | intitle:”OR…
just yet other online cam….
This search finds orite 301 netcams with audio capabilities….
09-21 2005- Phaser numrange:100-100000 Name 09-21 DNS IP “More …
This is a search for various phaser network printers. With this search
you can look for printe…
2005Netbotz devices are made to monitor video, temperature, electricity intitle:”netbotz appliance” -inurl:.php … and door access in server r… 09-16 2005- intitle:”NetCam Live Image” -.edu -.gov This is a googledork for StarDot netcams. You can watch these cams 09-06 … and if you have the admin p… 2005intitle:”INTELLINET” intitle:”IP Ca… 08-27
This googledork finds INTELLINET ip cameras. They are used to monitor
things and have a web in…
2005- intitle:iDVR -intitle:”com | net | shop”… Online camera. Default login is administrator and password blank. 08-17 Video server runs default on … 2005intitle:”Network Storage Link for USB 2.0 Dis… 08-12 2005“Summary View of Sensors” | “sensor… 08-07
Networked USB hard drives (NSLU2). Be sure to
disable Google’s filter (&filters=0) as that… sensorProbe is a SNMP enabled and Web based Environmental Monitoring Device. The sensors
attach…
2005intitle:”HP ProCurve Switch *” “Thi… 08-07
HP ProCurve Switch web management pages, found by
200508-07 intitle:”V1″ “welcome to phone sett…
This is a small searchiTalkBB for theisItalk BB899 Adaptor login page. a local andPhone lon…
2005intitle:”WEBDVR” -inurl:product -inurl:d… 07-22
DVR is a generic name used to describe the recording
2005intitle:”Java Applet Page” inurl:ml 07-22
Another Standalone Network Camera.Default Login:
2005intitle:”Veo Observer Web Client” 07-22
Another online camera search. This one uses ActiveX thingies, so you need a M$ browser. Append …
2005intitle:”Middle frame of Videoconference Mana… 07-22
Tandberg is a manufacturer of videoconferencing A
their [noscript] html tags. Please note: this…
process with a digital cam (digitial video…
remove wg_jwebeye.ml to get a nice clue ..Serv…
videoconference (also known as a video teleco…
2005intitle:”TANDBERG” “This page requi… 07-22
Tandberg is a manufacturer of videoconferencing A
2005tilt intitle:”Live View / – AXIS” | inur… 07-07
A small modification to the AXIS camera search– it
2005intitle:”AXIS 240 Camera Server” intext:… 06-10
This search finds AXIS 240 Camera Servers (as opposed
2005-
intitle:”GCC WebAdmin” -gcc.ru
videoconference (also known as a video teleco…
now returns cameras with pan / tilt, which …
to just the cameras) which can host many … All sorts of various printer status information…
06-08 2005“RICOH Network Printer D model -Restore Factor… 06-07 2005printers/printman.html 06-07
Not a whole lot here…. some interesting information on printer status
including Name, Location, Model, Pagecount, Acti…
2005intitle:”Dell Laser Printer M5200″ port_… 06-07
Dell Laser Printer M5200…
2005intitle:”configuration” inurl:port_0 06-07
More dell and lexmark printers, The usual things
2005- inurl:”CgiStart?page=” 06-08
This search reveals even more Panasonic IP cameras!…
2005inurl:”S=320×240″ | inurl:”S=160×12… 06-07
Mobile cameras? Not sure what camera type this is for
included….
but they are all from Asia and no passwor…
2005Kpix Java Based Traffic Cameras. Based at CBS (cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5j… 06-01 broadcasting for San Fransisco, Oakland, and San… 2005intitle:”Netopia Router (*.)””to vi… 06-03
Web admin for netopia routersThis Web tool provides
access to information about the current sta…
2005- ( intitle:”PacketShaper
Packeteer’s PacketShaper is an application traffic management system that
05-20 Login”)|(intitle… 2005- intitle:”PacketShaper 05-19 Customer Login”
monitors, controls, a… r Customers…. PacketShaper Login.Provides login access for PacketShape
2005oA few Online Dell Printers, status, paper, toner levels, ips macs, the usual.. intitle:”Dell *” inurl:port_0 (Lexmark and De… 05-31
“To view the Web
2005interface of the 05-20
speedtouch 510 DSL modem devices that were once unprotected. That may have
2005inurl:start.htm?scrw= 05-14
VPON (Video Picture On Net) is a video surveillance setup which seems to be used
SpeedTouch,…
changed by now….
by a lot of bu…
2005- intitle:”— VIDEO WEB 05-14 SERVER —” intex…
AVTech Video Web Server is a surveillance producted that is directly connected to
the internet …
2005- intext:”Powered by: Adobe Printers equipped with Adobe’s PrintGear technologyAdobe’s PrintGear technology is a new printi… 05-14 PrintGear” inu… 2005- intitle:”InterJak Web 05-20 Manager” 2005- intitle:”SWW link” “Please
A router device by Uroam (formerly FilaNet), with email and VPN possibilities….
Zyxel Zywall…
05-02 wait……. 2005inurl:”port_255″ -htm 05-02
Another way to dig up some not yet dorked Lexmark and a couple of Dell
2005- intitle:”Freifunk.Net – 05-02 Status” -site:co…
Hacked WRT54G Freifunk firmware. The router is based on Linux so after the GPL the source code …
ext:dhtml 2005intitle:"document 05-02
Various Online Devices>Xerox (*Centre)…
printers.http://johnny.i…
centre|(home)…
2005- “Please use Netscape 2.0 04-27 or enhance !!” …
A search for some HTML code used in a variety of D-link network devices (webcams
and such)….
2005- intitle:”NeroNET – burning NeroNet is an onlineburning device by Nero. Basically with this query you’ll get a 04-20 online” listing of … 2005Winamp Web Interface 04-11
Just a bit of fun, should reveal a few instances of a Winamp HTTP control program. Without logi…
2005- intitle:”OfficeConnect 04-16 Cable/DSL Gateway”…
This query allows you to find OfficeConnect Cable/DSL Gateways, by locating the browser-check p…
2005inurl:JPGLogin.htm 04-12
webserver detection for GeoHttpServer, the page is the login page or guest cam.
2005- “display printer status” 04-16 intitle:”H…
Don’t ask why t… Xerox Phaser printers….
2005- intitle:jdewshlp “Welcome HP Officejet help page. Remove “help.html” for main page…. 04-12 to the Embedded Web… 2005inurl:/en/help.cgi “ID=*” 04-12
Aficio printers (this search locates the help pages)..
2005intitle:”Lexmark *” inurl:port_0 04-12
Lexmark printers (4 models)…
2005- intitle:”OfficeConnect Wireless 04-12 11g Access Po…
OfficeConnect Wireless 11g Access Point…
2005“Webthru User Login” 03-20
samsung webthru cameras…
2005- intitle:”actiontec” main setup 03-20 status &q…
Actiontec Routers….
2005- intitle:”BorderWare MXtreme 03-20 Mail Firewall Log… 2005- intitle:”Service Managed Gateway
BorderWare MXtreme Mail firewallMXtreme is a hardened appliance with a
highly robust mail trans… service Managed Gateway from VirtualAccess login page…
03-20 Login” 2005- intitle:”Flash Operator Panel” 03-20 ext:php …
Flash Operator Panel is a switchboard type application for the Asterisk PBX.
It runs on a web b…
2005- intitle:asterisk.management.portal Coalescent Systems Inc. launched The Asterisk Management Portal project 03-20 web-access to bring together best-… 2005- intitle:HomeSeer.Web.Control | 03-18 Home.Status.Events….
HomeSeer (http://www.homeseer.com/) provides a well known home
2005intitle:”active webcam page” 02-15
searches for “Active Webcam” feeds on websites, a popular USB webcam interface….
2005- intitle:”Dell Laser Printer” ews 03-04
Finds Dell’s printers with EWS.EWS : Embedded Web Server technology enables the usage of a stan…
2005allintitle:Brains, Corp. camera 03-05
mmEye webcam / cam servermmEye is a multifunction multimedia server
automation solution (software + …
equipped with 32bit RISC CP…
2005inurl:camctrl.cgi 03-05
Vivotec web cams…
2005- intext:”Please enter correct 02-12 password for Adm…
Finds SMC Routers….
“SupervisionCam captures and compares images from video cameras, 2005intitle:”supervisioncam protocol” 02-22 (internet) image files or… 2005intitle:Linksys site:ourlinksys.com Ourlinksys.com DDNS entries pointing to Linksys web enabled cameras… 02-15 2005intitle:”DEFAULT_CONFIG – HP” 02-15
High scalable Ethernet switches by HP running in the default configuration…
2005- intitle:”switch login” “IBM Fast 02-15 Et…
IBM 8275 Model 416 High Performance Ethernet Workgroup Switch…
2005- intitle:"Brother" 02-04 intext:&qu…
Finds a real bunch of Brother printers…
2005- intitle:"Connection 02-02 Status" inte…
This is an intriguing way of finding various ‘5861 DMT Routers’ – the presence of a web-interfa…
2005inurl:na_admin 02-01
This searches for the admin pages for a “Network Appliance” box. An authenticated use…
2005intitle:”EpsonNet WebAssist Rev” This reveals the Epson Web Assist page (internal to the machine)… 01-28 2005-
intitle:”EverFocus.EDSR.applet”
The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDSR-600 (6-
01-27
channel) digital video rec…
2005inurl:”8003/Display?what=” 01-27
Norton AntiVirus for GatewaysEasily administered from anywhere via an
2005allinurl:index.htm?cus?audio 01-27
This will find webcams made by Sweex, Orite and others. Supports motion
HTML interface, it scans …
detection, ftp, smtp an…
2005intitle:”Browser Launch Page” 01-21
An ActiveX based webcam– so use MS IE…
2005- intitle:”Network Print Server” 01-12 intext:&q…
Axis Network Print Server devices (a better shorter search)….
2005- intitle:”Network Print Server” 01-12 filetype:…
Axis Network Print Server devices. This search has all the possible urls (more
2005- intitle:”Setup Home” “You will 01-10 need…
This should reveal Belkin routers. Interestingly, Belkin routers by default
2005filetype:cgi transcoder.cgi 01-11
Digital Video Recorder by SnapStream. It is possible on misconfigured machines to stream video …
2004- inurl:”next_file=main_fs.htm” 12-30 inurl:img …
Linksys Wireless-G web cams….
2005- intitle:”SpeedStream *
than strictly ne…
have remote adminis…
a lot of Speed stream routers :)…
01-08 Management Interface&q… 2004- intitle:”Sipura.SPA.Configuration” Query returns configuration pages for online Voice over IP devices. Discloses 12-30 -.pdf an obscene amount… 200412-08
some of the sites are very, very interesting– try a search substituting
2004intitle:”Cayman-DSL.home” 12-19
Cayman DSL modems. Many Cayman units have a weakness where even if
2004- intitle:”Spam Firewall” 12-13 inurl:”8000…
The Barracuda Spam Firewall is an integrated hardware and software
site:gov instead of si…
remote administration is dis…
solution for complete protec…
2004intitle:”iVISTA.Main.Page” 12-13
And again another webcam search. MOst of these cams seem to be security
2004inurl:”:631/printers” -php -demo 12-13
CUPS provides a portable printing layer for UNIX®-based operating
cams…
systems. I…
2004Audio ReQuest home CD/MP3 player. Various information about the intitle:”AudioReQuest.web.server” 12-06 configuration of the host and s… 2004-
intitle:”V-Gear BEE”
V-Gear Bee Web Cameras…
12-06 2004- intitle:”Live NetSnap CamNetsnap Online Cameras… 12-06 Server feed” 2004- axis storpoint “file view” 12-04 inurl:/volume…
The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom players (or
writers) into …
2004- inurl:”printer/main.html” 12-03 intext:”s…
Brother HL Printers….
2004- intext:”MaiLinX Alert 12-03 (Notify)” -site:ne…
Xerox DocuPrint printer models….
2004- “Copyright (c) Tektronix, 12-03 Inc.” “pr…
Captain, the Phasers are online :)…
2004inurl:”ipp/pdisplay.htm” 11-30
Providing a standout printing solution, Novell iPrint offers secure print services that
intext:”Videoconference
extend …
2004Management 11-28
Tandberg video conferencing appliancesThe webinterface enables you to drop calls
2004- intitle:”Smoothwall 11-24 Express” inurl:cgi-b…
smoothwall is a firewall operating system distribution based on Linux. (Not many
200411-23 intitle:”ipcop – main”
IPCop from aFirewall simple …is a Linux firewall for home and SOHO users. IPCop can be managed
2004- intitle:”EvoCam” 11-18 inurl:”webcam.html…
Evocams !…
2004“Starting SiteZAP 6.0” 11-16
siteZap webcams !…
System&quo…
2004inurl:axis-cgi 11-16
and to browse …
results for th…
Just another search string to detect the infamous Axis netcams. This company
actually changed t…
2004- “intitle:Cisco Systems, Inc. The Cisco VPN 3000 Concentrator is a remote access VPN. The ‘Concentrator’ is a piece of hardw… 11-09 VPN 3000 Concent…
2004- intext:”UAA (MSB)” 11-13 Lexmark -ext:pdf
Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616,
T520 and Optra S …
2004- intext:”Ready with 10/100T Xerox 860 and 8200 Printers…. 11-13 Ethernet” 2004- intitle:”Home” “Xerox 11-07 Corporation&q…
CentreWare Internet Services is an interactive service that uses Internet technology
2004- WebControl intitle:”AMX
AMX Netlink is a server appliance which connects various devices like a beamer,
11-06 NetLinx”
laptop or video…
2004- “please visit” intitle:”i11-03 Catcher C…
CCTV webcams by ICode….
2004- intitle:”toshiba network 10-25 camera – User Login&…
Web interface of Toshiba network cameras….
2004- inurl:”level/15/exec/10-20 /show”
to extend …
This search finds Cisco devices which have level 15 access open via webinterface. If
an attacke…
2004- site:.viewnetcam.com 10-19 www.viewnetcam.com
The FREE viewnetcam.com service allows you to create a personal
2004- intitle:”DVR Web client” 10-19
This embedded DVR is quick plug and play. Just plug it in and it will
web address (e.g., http://bob.v…
start recording. You can …
Tivo is a the digital replacement for your analog videorecorder. It’s a 2004inurl:TiVoConnect?Command=QueryServer 10-18 digital media system th… 2004inurl:netw_tcp.shtml 10-12
An Axis Network Camera captures and transmits live images directly
2004- (inurl:webArch/mainFrame.cgi ) | 10-11 (intitle:”we…
The Ricoh Aficio 2035 (fax/scanner) web interface.Attackers may
2004- intitle:”my webcamXP server!” 10-11 inurl:&quo… 2004camera linksys inurl:main.cgi 10-10 2004intitle:”DEFAULT_CONFIG – HP” 10-09
over an IP network (e.g. LAN…
read faxes and can get informat… “my webcamXP server!”Is there really an explantation needed?…
Another webcam, Linksys style….
searches for the web interface of HP switches….
2004intitle:”switch home page” “cisco s… 10-09
Most cisco switches are shipped with a web administration
2004intitle:”axis storpoint CD” intitle:&quo… 10-05
Axis’ network CD/DVD servers are faster, less costly and easier to manage than using full-blown…
interface. If a switch is reachable f…
2004intitle:webeye inurl:login.ml 10-05
This one gets you on the w ebinterface of Webeye webcams….
2004inurl:hp/device/this.LCDispatcher 10-05
This one gets you on the web interface of some more HP Printers….
2004Canon ImageReady machines 09-29
The “large” Canon ImageReady machines with model versions 3300, 5000 & 60000….
2004-
The Lantronix web manager home pages show the print server
intitle:”lantronix web-manager”
09-29
configuration (Server Name, Boot Cod…
2004- intitle:RICOH intitle:”Network 09-29 Administration…
Network Administration pages for several Ricoh Afficio printer
2004Aficio 1022 09-29
The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily
2004Konica Network Printer Administration 09-29
This finds Konica Network Printer Administration pages. There is one
models, for example the Aficio 1…
upgraded to include n…
result at the time of writ…
2004Fiery WebTools offers many of the same capabilities of the (“Fiery WebTools” inurl:index2.html) | &… 09-29 Command WorkStationââ₅ 2004- intitle:”The AXIS 200 Home Page” 09-29
The Axis 200 HOME pages reside within the AXIS 200 device and
2004More Axis netcams ! 09-29
More Axis Netcams, this search combines the cams with the default
hold information about the curre…
title (Live View) and extends…
2004intitle:”dreambox web” 09-10
this search will show web administration interfaces of linux dream boxes.The
2004- Phasers 08-05 4500/6250/8200/8400
More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can access the
2004-
Canon has a series of netcams that all use the “WebView LiveScope” software. They
Canon Webview netcams
Dreambox is one of…
webinterface with…
07-29
are…
2004- Xerox Phaser® 07-22 840 Color Printer
This product is supported but no longer sold by Xerox in the United States. Support
2004Xerox Phaser 8200 07-22
Brochure info: “The Phaser 8200 uses solid ink, an alternative technology to laser printin…
2004- Xerox Phaser® 07-22 740 Color Printer
This product is supported but no longer sold by Xerox in the United States.
2004Xerox Phaser 6250 07-22
Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm
and supplie…
Replacement Product…
Color/B&W (24…
2004- intitle:”BorderManager 07-19 Information alert”…
This is an Informational message produced by the Novell BorderManager firewall/proxy server. At…
2004These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button intitle:”Live View / – AXIS” can be hidden… 07-19 2004- “powered by webcamXP” webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the most 07-16 “Pro|Broadcas… advanced version of the s… 2004- Panasonic WJ-NT104
The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More
07-10 netcams
vendor informat…
2004Mobotix netcams 07-10
Mobotix netcams use the thttpd-2.x. server (http://www.acme.com/software/thttpd/). The latest v…
2004- sony SNC-RZ20 network 07-10 cameras
sony NC RZ20 cameras, only one result for this cam at the moment, a nice street
2004- seyeon FlexWATCH 07-10 cameras
seyeon provides various type of products and software to build up a remote video
2004- sony SNC-RZ30 Network 07-10 Cameras
sony NC RZ30 camera’s require a java capable browser. The admin panel is found at http://[siten…
2004- Panasonic Network 07-10 Cameras
Panasonic Network Cameras can be viewed and controlled from a standard web
2004- intitle:”View and 07-08 Configure PhaserLink”
These printer’s configuration is wide open. Attackers can change just about any value through t…
2004Axis Network Cameras 06-06
The AXIS 2400 is a Web server of its own. This means that the server is secured like
view from a sky…
monitoring and…
browser. These camer…
any other …
Taken from http://www.exploit-db.com/google-dorks/ all categories in 1